ID

VAR-202012-1278


CVE

CVE-2020-8285


TITLE

HAXX libcurl Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202012-756

DESCRIPTION

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to trigger a fatal error via libcurl's FTP wildcards, thereby triggering a denial of service. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html For Red Hat OpenShift Logging 5.0, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u pgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1328 - Port fix to 5.0.z for BZ-1945168 6. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 General Availability release images, which fix several bugs and security issues. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html-single/install/index#installing 4. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update Advisory ID: RHSA-2021:2471-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:2471 Issue date: 2021-06-17 CVE Names: CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 CVE-2021-22901 CVE-2021-31618 ===================================================================== 1. Summary: Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es): * curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901) * httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618) * libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169) * curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284) * curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285) * curl: Inferior OCSP verification (CVE-2020-8286) * curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876) * curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host 1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend 1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request 5. References: https://access.redhat.com/security/cve/CVE-2020-8169 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22890 https://access.redhat.com/security/cve/CVE-2021-22901 https://access.redhat.com/security/cve/CVE-2021-31618 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl&downloadType=securityPatches&version=1.1.1g https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYMszstzjgjWX9erEAQgW2Q//cZOMa4KOvz7KejR03sHk7m8aMHDRdPDe Ki6PTe99phprmuXNPOCPGFuWDXbdpAlyEx3Elt3Ah+vmpV+K7ThwXGXJkGwb6mol 2xAFvcwxxO6GNsCl8gYW+JTG+5HYLZ/U4q3lgHId9qfzmuRRg0zwOuwZC7y7R6kP 3H1o1WRiIKEA1oHCh3f3OizTrkOcBZsWINsJ2ggW+ZqVeve4PJH55F3JwCJbIuhd kUhe1QQjiANWq4m/+QkTRtIYzahqK+lIubpoU5P+sFosc7ASUGe29ZPC9LsfY4hx 61bSxXbxTv2wcBaUrg/TAxRplQdHRbZe8s8eWhMtDoNHRqujYOiKHUnBgdoY6oLd 3gfAGI3w2NnWRDodGDGXfuDu6hncAukvxqOO/tOnRd2n7/R52ewGCsNKvsf/OHRG 1X7UeD4DJvXiqBNOtPaqOjR3q7xdO5MhYtkvh/8mzvhx5X/CojUWRWmtSdJDhpvQ POl+hJjFqEFTUJk/VGDJ7HsIs5OqeoV0pURP3VvYyBF75xp3aYI8Gfb1wLoqXmp2 iFhSTskqEc42iMvG/Ks5Rb1wQLrJ4RNgxunGofmNQusjgN406aAqvE79a6JUmt/z 7Z6i8Tvy9PGgNtbnalyxbikpA8Qcoxoij2pbIcSNIJXW+mA74QtI3AC4+4m0V90H butyhmDY1nQ= =gsJD -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3 macOS Big Sur 11.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212325. APFS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1853: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications AppleMobileFileIntegrity Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: An issue in code signature validation was addressed with improved checks. CVE-2021-1849: Siguza Apple Neural Engine Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(吴潍浠) of Ant Group Tianqiong Security Lab Archive Utility Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-1810: an anonymous researcher Audio Available for: macOS Big Sur Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab CFNetwork Available for: macOS Big Sur Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: macOS Big Sur Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab CoreFoundation Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A validation issue was addressed with improved logic. CVE-2021-30659: Thijs Alkemade of Computest CoreGraphics Available for: macOS Big Sur Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University CoreText Available for: macOS Big Sur Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab curl Available for: macOS Big Sur Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher curl Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx DiskArbitration Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl (@theevilbit) of Offensive Security, and an anonymous researcher FaceTime Available for: macOS Big Sur Impact: Muting a CallKit call while ringing may not result in mute being enabled Description: A logic issue was addressed with improved state management. CVE-2021-1872: Siraj Zaneer of Facebook FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi (@hjy79425575) of Qihoo 360 Foundation Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1882: Gabe Kirkpatrick (@gabe_k) Foundation Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga Heimdal Available for: macOS Big Sur Impact: Processing maliciously crafted server messages may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1883: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A race condition was addressed with improved locking. CVE-2021-1884: Gabe Kirkpatrick (@gabe_k) ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30653: Ye Zhang of Baidu Security CVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin & Qi Sun of Trend Micro, and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1843: Ye Zhang of Baidu Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1885: CFF of Topsec Alpha Team ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1858: Mickey Jin of Trend Micro Installer Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2021-30658: Wojciech Reguła (@_r3ggi) of SecuRing Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1841: Jack Dates of RET2 Systems, Inc. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-1851: @0xalsr Kernel Available for: macOS Big Sur Impact: Copied files may not have the expected file permissions Description: The issue was addressed with improved permissions logic. CVE-2021-1832: an anonymous researcher Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30660: Alex Plaskett libxpc Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins libxslt Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz Login Window Available for: macOS Big Sur Impact: A malicious application with root privileges may be able to access private information Description: This issue was addressed with improved entitlements. CVE-2021-1824: Wojciech Reguła (@_r3ggi) of SecuRing Notes Available for: macOS Big Sur Impact: Locked Notes content may have been unexpectedly unlocked Description: A logic issue was addressed with improved state management. CVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd NSRemoteView Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome Preferences Available for: macOS Big Sur Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Safari Available for: macOS Big Sur Impact: A malicious website may be able to track users by setting state in a cache Description: An issue existed in determining cache occupancy. The issue was addressed through improved logic. CVE-2021-1861: Konstantinos Solomos of University of Illinois at Chicago Safari Available for: macOS Big Sur Impact: A malicious website may be able to force unnecessary network connections to fetch its favicon Description: A logic issue was addressed with improved state management. CVE-2021-1855: Håvard Mikkelsen Ottestad of HASMAC AS SampleAnalysis Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com) System Preferences Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30657: an anonymous researcher tcpdump Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher Time Machine Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-1817: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2021-1826: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1820: an anonymous researcher WebKit Storage Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management. CVE-2021-30661: yangkang(@dnpushme) of 360 ATA WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A use after free issue was addressed with improved memory management. CVE-2020-7463: Megan2013678 Wi-Fi Available for: macOS Big Sur Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-1829: Tielei Wang of Pangu Lab Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2021-30655: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications and Wojciech Reguła (@_r3ggi) of SecuRing Windows Server Available for: macOS Big Sur Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher Installation note: This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6 jjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne srCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/ cMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn QCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv fE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA ECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko T2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE /fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY t3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS v4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1 0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo= =9+Ju -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-4665-2 December 09, 2020 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: USN-4665-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. (CVE-2020-8284) It was discovered that curl incorrectly handled FTP wildcard matchins. (CVE-2020-8285) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm6 libcurl3 7.35.0-1ubuntu2.20+esm6 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm6 libcurl3-nss 7.35.0-1ubuntu2.20+esm6 Ubuntu 12.04 ESM: curl 7.22.0-3ubuntu4.29 libcurl3 7.22.0-3ubuntu4.29 libcurl3-gnutls 7.22.0-3ubuntu4.29 libcurl3-nss 7.22.0-3ubuntu4.29 In general, a standard system update will make all the necessary changes. Security Fix(es): * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) * golang: net: lookup functions may return invalid host names (CVE-2021-33195) * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197) * golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) * golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918) * golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196) It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4881-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini March 30, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : curl CVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 Debian Bug : 965280 965281 968831 977161 977162 977163 Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 Marek Szlagor reported that libcurl could be tricked into prepending a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s). CVE-2020-8177 sn reported that curl could be tricked by a malicious server into overwriting a local file when using th -J (--remote-header-name) and -i (--include) options in the same command line. CVE-2020-8231 Marc Aldorasi reported that libcurl might use the wrong connection when an application using libcurl's multi API sets the option CURLOPT_CONNECT_ONLY, which could lead to information leaks. CVE-2020-8284 Varnavas Papaioannou reported that a malicious server could use the PASV response to trick curl into connecting back to an arbitrary IP address and port, potentially making curl extract information about services that are otherwise private and not disclosed. CVE-2020-8285 xnynx reported that libcurl could run out of stack space when using tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION). CVE-2020-8286 It was reported that libcurl didn't verify that an OCSP response actually matches the certificate it is intended to. CVE-2021-22876 Viktor Szakats reported that libcurl does not strip off user credentials from the URL when automatically populating the Referer HTTP request header field in outgoing HTTP requests. CVE-2021-22890 Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3, libcurl could confuse session tickets arriving from the HTTPS proxy as if they arrived from the remote server instead. This could allow an HTTPS proxy to trick libcurl into using the wrong session ticket for the host and thereby circumvent the server TLS certificate check. For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u2. We recommend that you upgrade your curl packages

Trust: 1.71

sources: NVD: CVE-2020-8285 // VULHUB: VHN-186410 // PACKETSTORM: 162837 // PACKETSTORM: 163188 // PACKETSTORM: 163193 // PACKETSTORM: 163276 // PACKETSTORM: 162358 // PACKETSTORM: 160436 // PACKETSTORM: 164192 // PACKETSTORM: 169015

AFFECTED PRODUCTS

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.14.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:fujitsumodel:m12-1scope:ltversion:xcp2410

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:fujitsumodel:m10-1scope:ltversion:xcp2410

Trust: 1.0

vendor:fujitsumodel:m10-4scope:ltversion:xcp2410

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:fujitsumodel:m12-2scope:ltversion:xcp2410

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:ltversion:xcp2410

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:gteversion:7.21.0

Trust: 1.0

vendor:oraclemodel:essbasescope:eqversion:21.2

Trust: 1.0

vendor:haxxmodel:libcurlscope:ltversion:7.74.0

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:ltversion:xcp3110

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:netappmodel:hci bootstrap osscope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:fujitsumodel:m12-1scope:ltversion:xcp3110

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:fujitsumodel:m10-1scope:ltversion:xcp3110

Trust: 1.0

vendor:fujitsumodel:m10-4scope:ltversion:xcp3110

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.3

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:ltversion:xcp2410

Trust: 1.0

vendor:netappmodel:hci storage nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m12-2scope:ltversion:xcp3110

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:ltversion:xcp3110

Trust: 1.0

sources: NVD: CVE-2020-8285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8285
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202012-756
value: HIGH

Trust: 0.6

VULHUB: VHN-186410
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8285
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-186410
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8285
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-186410 // CNNVD: CNNVD-202012-756 // NVD: CVE-2020-8285

PROBLEMTYPE DATA

problemtype:CWE-674

Trust: 1.1

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-186410 // NVD: CVE-2020-8285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-756

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-756

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-186410

EXTERNAL IDS

db:NVDid:CVE-2020-8285

Trust: 2.5

db:SIEMENSid:SSA-389290

Trust: 1.7

db:HACKERONEid:1045844

Trust: 1.7

db:PACKETSTORMid:162358

Trust: 0.8

db:PACKETSTORMid:160436

Trust: 0.8

db:PACKETSTORMid:163276

Trust: 0.8

db:PACKETSTORMid:160706

Trust: 0.7

db:PACKETSTORMid:163267

Trust: 0.7

db:PACKETSTORMid:163496

Trust: 0.7

db:PACKETSTORMid:160423

Trust: 0.7

db:PACKETSTORMid:162629

Trust: 0.7

db:PACKETSTORMid:164192

Trust: 0.7

db:AUSCERTid:ESB-2021.2180

Trust: 0.6

db:AUSCERTid:ESB-2020.4343

Trust: 0.6

db:AUSCERTid:ESB-2021.0319

Trust: 0.6

db:AUSCERTid:ESB-2020.4364

Trust: 0.6

db:AUSCERTid:ESB-2021.1700

Trust: 0.6

db:AUSCERTid:ESB-2020.4534

Trust: 0.6

db:AUSCERTid:ESB-2021.1866

Trust: 0.6

db:AUSCERTid:ESB-2021.0634

Trust: 0.6

db:AUSCERTid:ESB-2021.2471

Trust: 0.6

db:AUSCERTid:ESB-2021.2657

Trust: 0.6

db:AUSCERTid:ESB-2021.2365

Trust: 0.6

db:AUSCERTid:ESB-2021.1409.2

Trust: 0.6

db:AUSCERTid:ESB-2021.3141

Trust: 0.6

db:AUSCERTid:ESB-2021.2711

Trust: 0.6

db:AUSCERTid:ESB-2020.4506

Trust: 0.6

db:AUSCERTid:ESB-2021.4058

Trust: 0.6

db:AUSCERTid:ESB-2023.3146

Trust: 0.6

db:AUSCERTid:ESB-2021.1841

Trust: 0.6

db:AUSCERTid:ESB-2021.2228

Trust: 0.6

db:AUSCERTid:ESB-2021.1114

Trust: 0.6

db:CS-HELPid:SB2021042704

Trust: 0.6

db:CS-HELPid:SB2021071516

Trust: 0.6

db:CS-HELPid:SB2021072050

Trust: 0.6

db:CS-HELPid:SB2021051406

Trust: 0.6

db:CS-HELPid:SB2021062315

Trust: 0.6

db:CS-HELPid:SB2021092220

Trust: 0.6

db:CS-HELPid:SB2021072112

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:CS-HELPid:SB2021052026

Trust: 0.6

db:CS-HELPid:SB2021062703

Trust: 0.6

db:CNNVDid:CNNVD-202012-756

Trust: 0.6

db:PACKETSTORMid:163193

Trust: 0.2

db:PACKETSTORMid:162362

Trust: 0.1

db:PACKETSTORMid:163197

Trust: 0.1

db:PACKETSTORMid:163257

Trust: 0.1

db:PACKETSTORMid:162360

Trust: 0.1

db:VULHUBid:VHN-186410

Trust: 0.1

db:PACKETSTORMid:162837

Trust: 0.1

db:PACKETSTORMid:163188

Trust: 0.1

db:PACKETSTORMid:169015

Trust: 0.1

sources: VULHUB: VHN-186410 // PACKETSTORM: 162837 // PACKETSTORM: 163188 // PACKETSTORM: 163193 // PACKETSTORM: 163276 // PACKETSTORM: 162358 // PACKETSTORM: 160436 // PACKETSTORM: 164192 // PACKETSTORM: 169015 // CNNVD: CNNVD-202012-756 // NVD: CVE-2020-8285

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210122-0007/

Trust: 1.7

url:https://support.apple.com/kb/ht212325

Trust: 1.7

url:https://support.apple.com/kb/ht212326

Trust: 1.7

url:https://support.apple.com/kb/ht212327

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-4881

Trust: 1.7

url:http://seclists.org/fulldisclosure/2021/apr/51

Trust: 1.7

url:https://security.gentoo.org/glsa/202012-14

Trust: 1.7

url:https://curl.se/docs/cve-2020-8285.html

Trust: 1.7

url:https://github.com/curl/curl/issues/6255

Trust: 1.7

url:https://hackerone.com/reports/1045844

Trust: 1.7

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-8285

Trust: 1.2

url:https://access.redhat.com/security/cve/cve-2020-8285

Trust: 1.1

url:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/

Trust: 0.7

url:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e

Trust: 0.7

url:https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1866

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0634

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1700

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2657

Trust: 0.6

url:https://vigilance.fr/vulnerability/libcurl-denial-of-service-via-ftp-wildcard-34067

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2711

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1841

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042704

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4343/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0319/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3146

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-8284-cve-2020-8286-c/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1409.2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1114

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2365

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2020-8284-cve-2020-8285-and-cve-2020-8286/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2180

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162629/red-hat-security-advisory-2021-1610-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162358/apple-security-advisory-2021-04-26-2.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052026

Trust: 0.6

url:https://packetstormsecurity.com/files/160706/gentoo-linux-security-advisory-202012-14.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072050

Trust: 0.6

url:https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2228

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062703

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092220

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4534/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4364/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072112

Trust: 0.6

url:https://packetstormsecurity.com/files/160436/ubuntu-security-notice-usn-4665-2.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520474

Trust: 0.6

url:https://support.apple.com/en-us/ht212327

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4506/

Trust: 0.6

url:https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2471

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071516

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062315

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4058

Trust: 0.6

url:https://packetstormsecurity.com/files/160423/ubuntu-security-notice-usn-4665-1.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021051406

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3141

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-8286

Trust: 0.5

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-8284

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-8284

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-8286

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-28196

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-8231

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9169

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-2708

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-2708

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-13776

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-3842

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-13776

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-24977

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-27619

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-23336

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-3842

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-14502

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-14502

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-8231

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26137

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12362

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27219

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3114

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22890

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8169

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-29362

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20305

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27618

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-29361

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8927

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-29363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3449

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3450

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-28196

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14347

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9951

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25704

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19528

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9948

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13012

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0431

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14345

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14360

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19528

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12464

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14314

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14347

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14360

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14356

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27786

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14314

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25643

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9983

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24394

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0431

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0342

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14344

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14345

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14344

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25285

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35508

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25212

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28974

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15437

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25284

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14346

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14356

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11608

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11608

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25039

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21639

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12364

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28165

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28092

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28163

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25034

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25035

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25038

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21309

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25042

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3501

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25042

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25038

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25041

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25036

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27170

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25215

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24331

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25036

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25035

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2433

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3347

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24332

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25039

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12364

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25041

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2461

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25034

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22901

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp&downloadtype=securitypatches&version=2.4.37

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22901

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl&downloadtype=securitypatches&version=1.1.1g

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22890

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31618

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2471

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8169

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28500

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26116

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13949

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28362

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13949

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23337

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24977

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1813

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1814

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1820

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1815

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1828

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1809

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1817

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7463

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8037

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1784

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1846

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1843

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1810

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1825

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1826

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1832

Trust: 0.1

url:https://support.apple.com/ht212325.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1824

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1839

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1834

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1829

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1740

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1808

Trust: 0.1

url:https://usn.ubuntu.com/4665-1

Trust: 0.1

url:https://usn.ubuntu.com/4665-2

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3537

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33195

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27918

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3520

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33197

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33198

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33198

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31525

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34558

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3556

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3326

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33197

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3517

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3421

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31525

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3703

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3541

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/curl

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8177

Trust: 0.1

sources: VULHUB: VHN-186410 // PACKETSTORM: 162837 // PACKETSTORM: 163188 // PACKETSTORM: 163193 // PACKETSTORM: 163276 // PACKETSTORM: 162358 // PACKETSTORM: 160436 // PACKETSTORM: 164192 // PACKETSTORM: 169015 // CNNVD: CNNVD-202012-756 // NVD: CVE-2020-8285

CREDITS

Red Hat

Trust: 1.1

sources: PACKETSTORM: 162837 // PACKETSTORM: 163188 // PACKETSTORM: 163193 // PACKETSTORM: 163276 // PACKETSTORM: 164192 // CNNVD: CNNVD-202012-756

SOURCES

db:VULHUBid:VHN-186410
db:PACKETSTORMid:162837
db:PACKETSTORMid:163188
db:PACKETSTORMid:163193
db:PACKETSTORMid:163276
db:PACKETSTORMid:162358
db:PACKETSTORMid:160436
db:PACKETSTORMid:164192
db:PACKETSTORMid:169015
db:CNNVDid:CNNVD-202012-756
db:NVDid:CVE-2020-8285

LAST UPDATE DATE

2024-11-07T21:57:47.336000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186410date:2022-05-13T00:00:00
db:CNNVDid:CNNVD-202012-756date:2023-06-05T00:00:00
db:NVDid:CVE-2020-8285date:2024-03-27T15:47:57.647

SOURCES RELEASE DATE

db:VULHUBid:VHN-186410date:2020-12-14T00:00:00
db:PACKETSTORMid:162837date:2021-05-27T13:28:54
db:PACKETSTORMid:163188date:2021-06-17T17:53:22
db:PACKETSTORMid:163193date:2021-06-17T18:01:23
db:PACKETSTORMid:163276date:2021-06-24T17:54:53
db:PACKETSTORMid:162358date:2021-04-28T14:55:56
db:PACKETSTORMid:160436date:2020-12-10T16:02:10
db:PACKETSTORMid:164192date:2021-09-17T16:04:56
db:PACKETSTORMid:169015date:2021-03-28T19:12:00
db:CNNVDid:CNNVD-202012-756date:2020-12-09T00:00:00
db:NVDid:CVE-2020-8285date:2020-12-14T20:15:13.983