ID

VAR-202012-1277


CVE

CVE-2020-8284


TITLE

curl  Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-014403

DESCRIPTION

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. curl Contains an information disclosure vulnerability.Information may be obtained. HAXX Haxx curl is a set of file transfer tools that use the URL syntax to work under the command line of the Swedish Haxx (HAXX) company. The tool supports file upload and download and includes a libcurl (client URL transfer library) for program development. There is a security vulnerability in Haxx curl FTP PASV Responses. Attackers can use this vulnerability to bypass data access restrictions and obtain sensitive information through curl's FTP PASV Responses. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1868032 - CVE-2020-8231 curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set 1873327 - libcurl: Segfault when HTTPS_PROXY and NO_PROXY is used together 1895391 - multiarch conflicts in libcurl-minimal 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1918692 - Body dropped from POST request when using proxy with NTLM authentication 6. Package List: Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Bug Fix(es): * WMCO patch pub-key-hash annotation to Linux node (BZ#1945248) * LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917) * Telemetry info not completely available to identify windows nodes (BZ#1955319) * WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412) * kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263) 3. Solution: For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service 5. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.7.13 bug fix and security update Advisory ID: RHSA-2021:2121-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:2121 Issue date: 2021-06-01 CVE Names: CVE-2016-10228 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-18811 CVE-2019-19523 CVE-2019-19528 CVE-2019-25013 CVE-2019-25032 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042 CVE-2020-0431 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-10543 CVE-2020-10878 CVE-2020-11608 CVE-2020-12114 CVE-2020-12362 CVE-2020-12464 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-14314 CVE-2020-14344 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14356 CVE-2020-14360 CVE-2020-14361 CVE-2020-14362 CVE-2020-14363 CVE-2020-15358 CVE-2020-15437 CVE-2020-15586 CVE-2020-16845 CVE-2020-24330 CVE-2020-24331 CVE-2020-24332 CVE-2020-24394 CVE-2020-24977 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25643 CVE-2020-25659 CVE-2020-25704 CVE-2020-25712 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-27786 CVE-2020-27835 CVE-2020-28196 CVE-2020-28935 CVE-2020-28974 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-35508 CVE-2020-36242 CVE-2020-36322 CVE-2021-0342 CVE-2021-3121 CVE-2021-3177 CVE-2021-3326 CVE-2021-21642 CVE-2021-21643 CVE-2021-21644 CVE-2021-21645 CVE-2021-23336 CVE-2021-25215 CVE-2021-30465 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.7.13 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2021:2122 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html This update fixes the following bug among others: * Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238) Security Fix(es): * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64 The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36 All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing 5. References: https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-18811 https://access.redhat.com/security/cve/CVE-2019-19523 https://access.redhat.com/security/cve/CVE-2019-19528 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2019-25032 https://access.redhat.com/security/cve/CVE-2019-25034 https://access.redhat.com/security/cve/CVE-2019-25035 https://access.redhat.com/security/cve/CVE-2019-25036 https://access.redhat.com/security/cve/CVE-2019-25037 https://access.redhat.com/security/cve/CVE-2019-25038 https://access.redhat.com/security/cve/CVE-2019-25039 https://access.redhat.com/security/cve/CVE-2019-25040 https://access.redhat.com/security/cve/CVE-2019-25041 https://access.redhat.com/security/cve/CVE-2019-25042 https://access.redhat.com/security/cve/CVE-2020-0431 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-11608 https://access.redhat.com/security/cve/CVE-2020-12114 https://access.redhat.com/security/cve/CVE-2020-12362 https://access.redhat.com/security/cve/CVE-2020-12464 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-14314 https://access.redhat.com/security/cve/CVE-2020-14344 https://access.redhat.com/security/cve/CVE-2020-14345 https://access.redhat.com/security/cve/CVE-2020-14346 https://access.redhat.com/security/cve/CVE-2020-14347 https://access.redhat.com/security/cve/CVE-2020-14356 https://access.redhat.com/security/cve/CVE-2020-14360 https://access.redhat.com/security/cve/CVE-2020-14361 https://access.redhat.com/security/cve/CVE-2020-14362 https://access.redhat.com/security/cve/CVE-2020-14363 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15437 https://access.redhat.com/security/cve/CVE-2020-15586 https://access.redhat.com/security/cve/CVE-2020-16845 https://access.redhat.com/security/cve/CVE-2020-24330 https://access.redhat.com/security/cve/CVE-2020-24331 https://access.redhat.com/security/cve/CVE-2020-24332 https://access.redhat.com/security/cve/CVE-2020-24394 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25212 https://access.redhat.com/security/cve/CVE-2020-25284 https://access.redhat.com/security/cve/CVE-2020-25285 https://access.redhat.com/security/cve/CVE-2020-25643 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25704 https://access.redhat.com/security/cve/CVE-2020-25712 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-27786 https://access.redhat.com/security/cve/CVE-2020-27835 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-28935 https://access.redhat.com/security/cve/CVE-2020-28974 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-35508 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2020-36322 https://access.redhat.com/security/cve/CVE-2021-0342 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-21642 https://access.redhat.com/security/cve/CVE-2021-21643 https://access.redhat.com/security/cve/CVE-2021-21644 https://access.redhat.com/security/cve/CVE-2021-21645 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-30465 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYLXBgdzjgjWX9erEAQiYKw/+MeUvVzbi9kHuo6vE8J9xEQCvgpJtLfRM yj4VFCt8lkWmfGmuAMd5LkvD5suav1Gu9yA6E60VvKrorV6+PDOZ8jiUyzRR+di6 TZZ7Ji6taqaQUuf451KF39zuxYAh29pKT6mZMhmqK65jEg7uj66R8+P2p7tahaai Kkqe6LKxNCXyVzWmc5HHkc3AJJ6vSVIuMeA6KOHpXy0vy57jZKeyb3dau0BVl/ir ZbnbOHdTJ+7hEVV3yGwARcVgUhHDcHiSYAS+RUj7Hqx0RIFilb9RbOdoEdbauaWx CGIdSYmj1F4apCZuYWmhZxtQ5/Lsj7EPi+7UleyTzqgMQsqSr8kvxGe/yzfY+yAQ ++QCSnleeKu/+HjN72d73h8yWGGzMrc/rYwDJWcFwjIL6/pj4Tgm4OK30vJlQUz5 3gHuEDz+j42s270cv6dRDd9v5xpexxIOXyHzruFRLk4xVCnS17PGeJ4I9mJmkYxL 5GuCiMnixToobWtmrh9MX2Qjkhj81o4E+rLMvG/4yUk2kGejo/nLwgZNsSz8gN5Z gMZOYSDys2zJu6/jmxY/8MXzS3yNIJj3FxXe7w5XA0mHUuuZ/EaJsMLnlCCSRARV GpMwj1/Aj1ZSNeYplr2YwQz7lB7hp+J/vn567zBPeYQus5EAyzqzudTbSLdm8ZyL PEh85hYKLe4= =Xe05 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8 5. ========================================================================== Ubuntu Security Notice USN-4665-2 December 09, 2020 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. (CVE-2020-8284) It was discovered that curl incorrectly handled FTP wildcard matchins. A remote attacker could possibly use this issue to cause curl to consume resources and crash, resulting in a denial of service. (CVE-2020-8285) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm6 libcurl3 7.35.0-1ubuntu2.20+esm6 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm6 libcurl3-nss 7.35.0-1ubuntu2.20+esm6 Ubuntu 12.04 ESM: curl 7.22.0-3ubuntu4.29 libcurl3 7.22.0-3ubuntu4.29 libcurl3-gnutls 7.22.0-3ubuntu4.29 libcurl3-nss 7.22.0-3ubuntu4.29 In general, a standard system update will make all the necessary changes

Trust: 2.34

sources: NVD: CVE-2020-8284 // JVNDB: JVNDB-2020-014403 // VULHUB: VHN-186409 // VULMON: CVE-2020-8284 // PACKETSTORM: 162629 // PACKETSTORM: 163257 // PACKETSTORM: 163188 // PACKETSTORM: 162877 // PACKETSTORM: 163789 // PACKETSTORM: 160436

AFFECTED PRODUCTS

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.14.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:eqversion:11.0.1

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:haxxmodel:curlscope:lteversion:7.73.0

Trust: 1.0

vendor:fujitsumodel:m12-1scope:ltversion:xcp2410

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:fujitsumodel:m10-1scope:ltversion:xcp2410

Trust: 1.0

vendor:fujitsumodel:m10-4scope:ltversion:xcp2410

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:fujitsumodel:m12-2scope:ltversion:xcp2410

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:ltversion:xcp2410

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:netappmodel:hci storage nodescope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:oraclemodel:essbasescope:eqversion:21.2

Trust: 1.0

vendor:applemodel:macosscope:eqversion:11.1

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:ltversion:xcp3110

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:netappmodel:hci bootstrap osscope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:fujitsumodel:m12-1scope:ltversion:xcp3110

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14.0

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:fujitsumodel:m10-1scope:ltversion:xcp3110

Trust: 1.0

vendor:fujitsumodel:m10-4scope:ltversion:xcp3110

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:ltversion:xcp2410

Trust: 1.0

vendor:applemodel:macosscope:eqversion:11.2

Trust: 1.0

vendor:fujitsumodel:m12-2scope:ltversion:xcp3110

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:ltversion:xcp3110

Trust: 1.0

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:haxxmodel:curlscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014403 // NVD: CVE-2020-8284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8284
value: LOW

Trust: 1.0

NVD: CVE-2020-8284
value: LOW

Trust: 0.8

VULHUB: VHN-186409
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8284
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8284
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-186409
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8284
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-8284
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186409 // VULMON: CVE-2020-8284 // JVNDB: JVNDB-2020-014403 // NVD: CVE-2020-8284

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:information leak (CWE-200) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-186409 // JVNDB: JVNDB-2020-014403 // NVD: CVE-2020-8284

TYPE

overflow

Trust: 0.1

sources: PACKETSTORM: 163188

PATCH

title:trusting FTP PASV responsesurl:https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html

Trust: 0.8

title:Debian CVElist Bug Report Logs: curl: CVE-2020-8284: trusting FTP PASV responsesurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=0ffb05dc08c6c9f5251a5fb47d2c1b45

Trust: 0.1

title:IBM: Security Bulletin: IBM MQ is affected by a vulnerability within libcurl (CVE-2020-8284)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8dce374d73a7e6e542a5aecc279d3c25

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-8284 log

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1693url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1693

Trust: 0.1

title:Debian Security Advisories: DSA-4881-1 curl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a9706a30f62799ecc4d45bdb53c244eb

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=4a9822530e6b610875f83ffc10e02aba

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:evilFTPurl:https://github.com/vp777/evilFTP

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2021-40491

Trust: 0.1

title:surferFTPurl:https://github.com/vp777/surferFTP

Trust: 0.1

title:clair-clienturl:https://github.com/indece-official/clair-client

Trust: 0.1

title:PIA-PCurl:https://github.com/zanezhub/PIA-PC

Trust: 0.1

title:myapp-container-jaxrsurl:https://github.com/akiraabe/myapp-container-jaxrs

Trust: 0.1

sources: VULMON: CVE-2020-8284 // JVNDB: JVNDB-2020-014403

EXTERNAL IDS

db:NVDid:CVE-2020-8284

Trust: 2.6

db:SIEMENSid:SSA-389290

Trust: 1.1

db:HACKERONEid:1040166

Trust: 1.1

db:JVNDBid:JVNDB-2020-014403

Trust: 0.8

db:PACKETSTORMid:160436

Trust: 0.2

db:PACKETSTORMid:163257

Trust: 0.2

db:PACKETSTORMid:162629

Trust: 0.2

db:PACKETSTORMid:160706

Trust: 0.1

db:PACKETSTORMid:163197

Trust: 0.1

db:PACKETSTORMid:163267

Trust: 0.1

db:PACKETSTORMid:163276

Trust: 0.1

db:PACKETSTORMid:163496

Trust: 0.1

db:PACKETSTORMid:160423

Trust: 0.1

db:PACKETSTORMid:163193

Trust: 0.1

db:VULHUBid:VHN-186409

Trust: 0.1

db:VULMONid:CVE-2020-8284

Trust: 0.1

db:PACKETSTORMid:163188

Trust: 0.1

db:PACKETSTORMid:162877

Trust: 0.1

db:PACKETSTORMid:163789

Trust: 0.1

sources: VULHUB: VHN-186409 // VULMON: CVE-2020-8284 // JVNDB: JVNDB-2020-014403 // PACKETSTORM: 162629 // PACKETSTORM: 163257 // PACKETSTORM: 163188 // PACKETSTORM: 162877 // PACKETSTORM: 163789 // PACKETSTORM: 160436 // NVD: CVE-2020-8284

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20210122-0007/

Trust: 1.1

url:https://support.apple.com/kb/ht212325

Trust: 1.1

url:https://support.apple.com/kb/ht212326

Trust: 1.1

url:https://support.apple.com/kb/ht212327

Trust: 1.1

url:https://www.debian.org/security/2021/dsa-4881

Trust: 1.1

url:https://security.gentoo.org/glsa/202012-14

Trust: 1.1

url:https://curl.se/docs/cve-2020-8284.html

Trust: 1.1

url:https://hackerone.com/reports/1040166

Trust: 1.1

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8284

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2020-8231

Trust: 0.5

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-8284

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-8286

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-8285

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-2708

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-28196

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-2708

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9169

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8285

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-14502

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-14502

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-3842

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-24977

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-3842

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-13776

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-27219

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25039

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25037

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25037

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-28935

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25034

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25035

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25038

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-26137

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25040

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25042

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25042

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12362

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25038

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25032

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25041

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25036

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25032

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-27619

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-25215

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25036

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25035

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-23336

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12362

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25039

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25040

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25041

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25034

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-8231

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8286

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13776

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12364

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24330

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24331

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24332

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3114

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12364

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14347

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25712

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13543

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9951

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36242

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9948

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13584

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14360

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25659

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9983

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14345

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14344

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14361

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14346

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1610

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3450

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2130

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20305

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/windows_containers/window

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8927

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3326

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3449

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3449

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3450

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24977

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29361

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28196

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28165

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28092

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28163

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21309

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3501

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27170

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2433

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3347

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2461

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12114

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25704

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0431

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18811

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27783

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19528

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12464

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14314

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14356

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21643

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27786

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25643

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24394

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0431

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0342

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18811

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21644

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25285

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35508

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25212

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28974

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2121

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15437

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25284

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11608

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11608

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21642

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23240

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23239

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3537

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33909

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32399

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3516

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3517

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20201

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3541

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3119

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25217

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14344

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28211

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33910

Trust: 0.1

url:https://usn.ubuntu.com/4665-1

Trust: 0.1

url:https://usn.ubuntu.com/4665-2

Trust: 0.1

sources: VULHUB: VHN-186409 // JVNDB: JVNDB-2020-014403 // PACKETSTORM: 162629 // PACKETSTORM: 163257 // PACKETSTORM: 163188 // PACKETSTORM: 162877 // PACKETSTORM: 163789 // PACKETSTORM: 160436 // NVD: CVE-2020-8284

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 162629 // PACKETSTORM: 163257 // PACKETSTORM: 163188 // PACKETSTORM: 162877 // PACKETSTORM: 163789

SOURCES

db:VULHUBid:VHN-186409
db:VULMONid:CVE-2020-8284
db:JVNDBid:JVNDB-2020-014403
db:PACKETSTORMid:162629
db:PACKETSTORMid:163257
db:PACKETSTORMid:163188
db:PACKETSTORMid:162877
db:PACKETSTORMid:163789
db:PACKETSTORMid:160436
db:NVDid:CVE-2020-8284

LAST UPDATE DATE

2024-11-07T21:37:19.424000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186409date:2022-05-13T00:00:00
db:VULMONid:CVE-2020-8284date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2020-014403date:2021-08-17T09:01:00
db:NVDid:CVE-2020-8284date:2024-04-08T22:50:54.947

SOURCES RELEASE DATE

db:VULHUBid:VHN-186409date:2020-12-14T00:00:00
db:VULMONid:CVE-2020-8284date:2020-12-14T00:00:00
db:JVNDBid:JVNDB-2020-014403date:2021-08-17T00:00:00
db:PACKETSTORMid:162629date:2021-05-19T13:56:56
db:PACKETSTORMid:163257date:2021-06-23T15:44:15
db:PACKETSTORMid:163188date:2021-06-17T17:53:22
db:PACKETSTORMid:162877date:2021-06-01T14:45:29
db:PACKETSTORMid:163789date:2021-08-11T16:15:17
db:PACKETSTORMid:160436date:2020-12-10T16:02:10
db:NVDid:CVE-2020-8284date:2020-12-14T20:15:13.903