ID

VAR-202012-1278


CVE

CVE-2020-8285


TITLE

HAXX libcurl Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202012-756

DESCRIPTION

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to trigger a fatal error via libcurl's FTP wildcards, thereby triggering a denial of service. A security issue was found in curl versions 7.21.0 up to and including 7.73.0. libcurl offers a wildcard matching functionality, which allows a callback (set with CURLOPT_CHUNK_BGN_FUNCTION) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns CURL_CHUNK_BGN_FUNC_SKIP, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there's a sufficient amount of file entries and if the callback returns "skip" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors. The content of the remote directory is not kept on the stack, so it seems hard for the malicious user to control exactly what data that overwrites the stack - however it remains a Denial-Of-Service vector as a malicious user who controls a server that a libcurl-using application works with under these premises can trigger a crash. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1868032 - CVE-2020-8231 curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set 1873327 - libcurl: Segfault when HTTPS_PROXY and NO_PROXY is used together 1895391 - multiarch conflicts in libcurl-minimal 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1918692 - Body dropped from POST request when using proxy with NTLM authentication 6. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html For Red Hat OpenShift Logging 5.0, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u pgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update Advisory ID: RHSA-2021:2479-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479 Issue date: 2021-06-17 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-25013 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-15358 CVE-2020-24977 CVE-2020-25659 CVE-2020-25678 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-28196 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-36242 CVE-2021-3139 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3528 CVE-2021-20305 CVE-2021-23239 CVE-2021-23240 CVE-2021-23336 ==================================================================== 1. Summary: Updated images that fix one security issue and several bugs are now available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. Security Fix(es): * NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483) * Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307) * Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106) * Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument `--public-addr=podIP` is added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558) * Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the `mds_cache_memory_limit` argument during upgrades. With this update, the `mds_cache_memory_limit` argument is applied during upgrades and the mds daemon operates normally. (BZ#1951348) * Previously, the coredumps were not generated in the correct location as rook was setting the config option `log_file` to an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of the `log_file` to build the dump path. With this update, rook does not set the `log_file` and keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under `/var/log/ceph/`. (BZ#1938049) * Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573) * Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959983) All users of Red Hat OpenShift Container Storage are advised to pull these new images from the Red Hat Container Registry. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod 5. References: https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25678 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2021-3139 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3528 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-23239 https://access.redhat.com/security/cve/CVE-2021-23240 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND Q1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo FKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS v59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF HXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd 6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN kAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC L+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG sIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz V144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO AQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT RCrstqAM5QQ=DHD0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 5. JIRA issues fixed (https://issues.jboss.org/): TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project 6. Bugs fixed (https://bugzilla.redhat.com/): 1937901 - CVE-2021-27918 golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 1965503 - CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion 1971445 - Release of OpenShift Serverless Serving 1.16.0 1971448 - Release of OpenShift Serverless Eventing 1.16.0 5. ========================================================================== Ubuntu Security Notice USN-4665-1 December 09, 2020 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in curl. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. (CVE-2020-8231) Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. (CVE-2020-8284) It was discovered that curl incorrectly handled FTP wildcard matchins. A remote attacker could possibly use this issue to cause curl to consume resources and crash, resulting in a denial of service. (CVE-2020-8285) It was discovered that curl incorrectly handled OCSP response verification. A remote attacker could possibly use this issue to provide a fraudulent OCSP response. (CVE-2020-8286) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: curl 7.68.0-1ubuntu4.2 libcurl3-gnutls 7.68.0-1ubuntu4.2 libcurl3-nss 7.68.0-1ubuntu4.2 libcurl4 7.68.0-1ubuntu4.2 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.4 libcurl3-gnutls 7.68.0-1ubuntu2.4 libcurl3-nss 7.68.0-1ubuntu2.4 libcurl4 7.68.0-1ubuntu2.4 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.12 libcurl3-gnutls 7.58.0-2ubuntu3.12 libcurl3-nss 7.58.0-2ubuntu3.12 libcurl4 7.58.0-2ubuntu3.12 Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.18 libcurl3 7.47.0-1ubuntu2.18 libcurl3-gnutls 7.47.0-1ubuntu2.18 libcurl3-nss 7.47.0-1ubuntu2.18 In general, a standard system update will make all the necessary changes

Trust: 1.71

sources: NVD: CVE-2020-8285 // VULHUB: VHN-186410 // VULMON: CVE-2020-8285 // PACKETSTORM: 162629 // PACKETSTORM: 162837 // PACKETSTORM: 163209 // PACKETSTORM: 163267 // PACKETSTORM: 163496 // PACKETSTORM: 160423 // PACKETSTORM: 160436

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:netappmodel:hci storage nodescope:eqversion: -

Trust: 1.0

vendor:haxxmodel:libcurlscope:gteversion:7.21.0

Trust: 1.0

vendor:oraclemodel:essbasescope:eqversion:21.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:ltversion:xcp3110

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:fujitsumodel:m10-1scope:ltversion:xcp3110

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:ltversion:xcp3110

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:fujitsumodel:m10-4scope:ltversion:xcp2410

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:haxxmodel:libcurlscope:ltversion:7.74.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:fujitsumodel:m12-2scope:ltversion:xcp2410

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:fujitsumodel:m12-1scope:ltversion:xcp2410

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m10-4scope:ltversion:xcp3110

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:fujitsumodel:m12-2scope:ltversion:xcp3110

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:ltversion:xcp2410

Trust: 1.0

vendor:netappmodel:hci bootstrap osscope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m12-1scope:ltversion:xcp3110

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:ltversion:xcp2410

Trust: 1.0

vendor:fujitsumodel:m10-1scope:ltversion:xcp2410

Trust: 1.0

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.14.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

sources: NVD: CVE-2020-8285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8285
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202012-756
value: HIGH

Trust: 0.6

VULHUB: VHN-186410
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8285
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8285
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-186410
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8285
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-186410 // VULMON: CVE-2020-8285 // CNNVD: CNNVD-202012-756 // NVD: CVE-2020-8285

PROBLEMTYPE DATA

problemtype:CWE-674

Trust: 1.1

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-186410 // NVD: CVE-2020-8285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-756

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-756

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-186410

PATCH

title:Debian CVElist Bug Report Logs: curl: CVE-2020-8285: FTP wildcard stack overflowurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f796e96235f578fd40fb69123bab0e97

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-8285 log

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1693url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1693

Trust: 0.1

title:Debian Security Advisories: DSA-4881-1 curl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a9706a30f62799ecc4d45bdb53c244eb

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=4a9822530e6b610875f83ffc10e02aba

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:myapp-container-jaxrsurl:https://github.com/akiraabe/myapp-container-jaxrs

Trust: 0.1

sources: VULMON: CVE-2020-8285

EXTERNAL IDS

db:NVDid:CVE-2020-8285

Trust: 2.5

db:SIEMENSid:SSA-389290

Trust: 1.7

db:HACKERONEid:1045844

Trust: 1.7

db:PACKETSTORMid:163267

Trust: 0.8

db:PACKETSTORMid:163496

Trust: 0.8

db:PACKETSTORMid:160423

Trust: 0.8

db:PACKETSTORMid:160436

Trust: 0.8

db:PACKETSTORMid:162629

Trust: 0.8

db:PACKETSTORMid:160706

Trust: 0.7

db:PACKETSTORMid:162358

Trust: 0.7

db:PACKETSTORMid:163276

Trust: 0.7

db:AUSCERTid:ESB-2021.2180

Trust: 0.6

db:AUSCERTid:ESB-2020.4343

Trust: 0.6

db:AUSCERTid:ESB-2021.0319

Trust: 0.6

db:AUSCERTid:ESB-2020.4364

Trust: 0.6

db:AUSCERTid:ESB-2021.1700

Trust: 0.6

db:AUSCERTid:ESB-2020.4534

Trust: 0.6

db:AUSCERTid:ESB-2021.1866

Trust: 0.6

db:AUSCERTid:ESB-2021.0634

Trust: 0.6

db:AUSCERTid:ESB-2021.2471

Trust: 0.6

db:AUSCERTid:ESB-2021.2657

Trust: 0.6

db:AUSCERTid:ESB-2021.2365

Trust: 0.6

db:AUSCERTid:ESB-2021.1409.2

Trust: 0.6

db:AUSCERTid:ESB-2021.3141

Trust: 0.6

db:AUSCERTid:ESB-2021.2711

Trust: 0.6

db:AUSCERTid:ESB-2020.4506

Trust: 0.6

db:AUSCERTid:ESB-2021.4058

Trust: 0.6

db:AUSCERTid:ESB-2023.3146

Trust: 0.6

db:AUSCERTid:ESB-2021.1841

Trust: 0.6

db:AUSCERTid:ESB-2021.2228

Trust: 0.6

db:AUSCERTid:ESB-2021.1114

Trust: 0.6

db:CS-HELPid:SB2021042704

Trust: 0.6

db:CS-HELPid:SB2021071516

Trust: 0.6

db:CS-HELPid:SB2021072050

Trust: 0.6

db:CS-HELPid:SB2021051406

Trust: 0.6

db:CS-HELPid:SB2021062315

Trust: 0.6

db:CS-HELPid:SB2021092220

Trust: 0.6

db:CS-HELPid:SB2021072112

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:CS-HELPid:SB2021052026

Trust: 0.6

db:CS-HELPid:SB2021062703

Trust: 0.6

db:PACKETSTORMid:164192

Trust: 0.6

db:CNNVDid:CNNVD-202012-756

Trust: 0.6

db:PACKETSTORMid:162362

Trust: 0.1

db:PACKETSTORMid:163197

Trust: 0.1

db:PACKETSTORMid:163257

Trust: 0.1

db:PACKETSTORMid:163193

Trust: 0.1

db:PACKETSTORMid:162360

Trust: 0.1

db:VULHUBid:VHN-186410

Trust: 0.1

db:VULMONid:CVE-2020-8285

Trust: 0.1

db:PACKETSTORMid:162837

Trust: 0.1

db:PACKETSTORMid:163209

Trust: 0.1

sources: VULHUB: VHN-186410 // VULMON: CVE-2020-8285 // PACKETSTORM: 162629 // PACKETSTORM: 162837 // PACKETSTORM: 163209 // PACKETSTORM: 163267 // PACKETSTORM: 163496 // PACKETSTORM: 160423 // PACKETSTORM: 160436 // CNNVD: CNNVD-202012-756 // NVD: CVE-2020-8285

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210122-0007/

Trust: 1.7

url:https://support.apple.com/kb/ht212325

Trust: 1.7

url:https://support.apple.com/kb/ht212326

Trust: 1.7

url:https://support.apple.com/kb/ht212327

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-4881

Trust: 1.7

url:http://seclists.org/fulldisclosure/2021/apr/51

Trust: 1.7

url:https://security.gentoo.org/glsa/202012-14

Trust: 1.7

url:https://curl.se/docs/cve-2020-8285.html

Trust: 1.7

url:https://github.com/curl/curl/issues/6255

Trust: 1.7

url:https://hackerone.com/reports/1045844

Trust: 1.7

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-8285

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2020-8285

Trust: 1.1

url:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/

Trust: 1.0

url:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/

Trust: 0.7

url:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e

Trust: 0.7

url:https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1866

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0634

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1700

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2657

Trust: 0.6

url:https://vigilance.fr/vulnerability/libcurl-denial-of-service-via-ftp-wildcard-34067

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2711

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1841

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042704

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4343/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0319/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3146

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-8284-cve-2020-8286-c/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1409.2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1114

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2365

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2020-8284-cve-2020-8285-and-cve-2020-8286/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2180

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujul2021.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162629/red-hat-security-advisory-2021-1610-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/162358/apple-security-advisory-2021-04-26-2.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052026

Trust: 0.6

url:https://packetstormsecurity.com/files/160706/gentoo-linux-security-advisory-202012-14.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072050

Trust: 0.6

url:https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2228

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062703

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092220

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4534/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4364/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072112

Trust: 0.6

url:https://packetstormsecurity.com/files/160436/ubuntu-security-notice-usn-4665-2.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520474

Trust: 0.6

url:https://support.apple.com/en-us/ht212327

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4506/

Trust: 0.6

url:https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2471

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071516

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062315

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4058

Trust: 0.6

url:https://packetstormsecurity.com/files/160423/ubuntu-security-notice-usn-4665-1.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021051406

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3141

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-8231

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-8231

Trust: 0.5

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-8284

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-8286

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-8284

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-8286

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-28196

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-13776

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-3842

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13776

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-24977

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9169

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-2708

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-3842

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-2708

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-27619

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-23336

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-14502

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-27618

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-24977

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-14502

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-28196

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-29362

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-29363

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-29361

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13543

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9951

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9948

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13012

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13584

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26137

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13584

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9983

Trust: 0.2

url:https://issues.jboss.org/):

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13012

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-26116

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27619

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3449

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3450

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-27219

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8927

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27219

Trust: 0.2

url:https://usn.ubuntu.com/4665-1

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2021:1610

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14347

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25704

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0431

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14345

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18811

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14360

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19528

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12464

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14314

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14347

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14360

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12362

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14356

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27786

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14314

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25643

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24394

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0431

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0342

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14344

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14345

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14344

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14361

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25285

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35508

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25212

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28974

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15437

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25284

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14346

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14356

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11608

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11608

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12464

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2479

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23240

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23239

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36242

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25659

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36242

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27783

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25659

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27783

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25678

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25678

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28362

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2532

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3114

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27918

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31525

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3326

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31525

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27918

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33196

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.12

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.18

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.4

Trust: 0.1

url:https://usn.ubuntu.com/4665-2

Trust: 0.1

sources: VULHUB: VHN-186410 // PACKETSTORM: 162629 // PACKETSTORM: 162837 // PACKETSTORM: 163209 // PACKETSTORM: 163267 // PACKETSTORM: 163496 // PACKETSTORM: 160423 // PACKETSTORM: 160436 // CNNVD: CNNVD-202012-756 // NVD: CVE-2020-8285

CREDITS

Red Hat

Trust: 1.1

sources: PACKETSTORM: 162629 // PACKETSTORM: 162837 // PACKETSTORM: 163209 // PACKETSTORM: 163267 // PACKETSTORM: 163496 // CNNVD: CNNVD-202012-756

SOURCES

db:VULHUBid:VHN-186410
db:VULMONid:CVE-2020-8285
db:PACKETSTORMid:162629
db:PACKETSTORMid:162837
db:PACKETSTORMid:163209
db:PACKETSTORMid:163267
db:PACKETSTORMid:163496
db:PACKETSTORMid:160423
db:PACKETSTORMid:160436
db:CNNVDid:CNNVD-202012-756
db:NVDid:CVE-2020-8285

LAST UPDATE DATE

2025-04-25T20:50:29.891000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186410date:2022-05-13T00:00:00
db:VULMONid:CVE-2020-8285date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-202012-756date:2023-06-05T00:00:00
db:NVDid:CVE-2020-8285date:2024-11-21T05:38:39.410

SOURCES RELEASE DATE

db:VULHUBid:VHN-186410date:2020-12-14T00:00:00
db:VULMONid:CVE-2020-8285date:2020-12-14T00:00:00
db:PACKETSTORMid:162629date:2021-05-19T13:56:56
db:PACKETSTORMid:162837date:2021-05-27T13:28:54
db:PACKETSTORMid:163209date:2021-06-17T18:34:10
db:PACKETSTORMid:163267date:2021-06-23T16:08:25
db:PACKETSTORMid:163496date:2021-07-14T15:02:07
db:PACKETSTORMid:160423date:2020-12-09T16:29:45
db:PACKETSTORMid:160436date:2020-12-10T16:02:10
db:CNNVDid:CNNVD-202012-756date:2020-12-09T00:00:00
db:NVDid:CVE-2020-8285date:2020-12-14T20:15:13.983