ID

VAR-202012-1527


CVE

CVE-2020-1971


TITLE

Red Hat Security Advisory 2020-5639-01

Trust: 0.1

sources: PACKETSTORM: 160638

DESCRIPTION

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack.

OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:

1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token)

If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools.

Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.

All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. 7.2) - x86_64 3.

Red Hat Security Advisory

Synopsis: Important: openssl security update
Advisory ID: RHSA-2020:5623-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5623
Issue date: 2020-12-17
CVE Names: CVE-2020-1971

1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64

3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):
* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4.
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7): Source: openssl-1.0.2k-20.el7_7.src.rpm x86_64: openssl-1.0.2k-20.el7_7.x86_64.rpm openssl-debuginfo-1.0.2k-20.el7_7.i686.rpm openssl-debuginfo-1.0.2k-20.el7_7.x86_64.rpm openssl-libs-1.0.2k-20.el7_7.i686.rpm openssl-libs-1.0.2k-20.el7_7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7): x86_64: openssl-debuginfo-1.0.2k-20.el7_7.i686.rpm openssl-debuginfo-1.0.2k-20.el7_7.x86_64.rpm openssl-devel-1.0.2k-20.el7_7.i686.rpm openssl-devel-1.0.2k-20.el7_7.x86_64.rpm openssl-perl-1.0.2k-20.el7_7.x86_64.rpm openssl-static-1.0.2k-20.el7_7.i686.rpm openssl-static-1.0.2k-20.el7_7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.7): Source: openssl-1.0.2k-20.el7_7.src.rpm ppc64: openssl-1.0.2k-20.el7_7.ppc64.rpm openssl-debuginfo-1.0.2k-20.el7_7.ppc.rpm openssl-debuginfo-1.0.2k-20.el7_7.ppc64.rpm openssl-devel-1.0.2k-20.el7_7.ppc.rpm openssl-devel-1.0.2k-20.el7_7.ppc64.rpm openssl-libs-1.0.2k-20.el7_7.ppc.rpm openssl-libs-1.0.2k-20.el7_7.ppc64.rpm ppc64le: openssl-1.0.2k-20.el7_7.ppc64le.rpm openssl-debuginfo-1.0.2k-20.el7_7.ppc64le.rpm openssl-devel-1.0.2k-20.el7_7.ppc64le.rpm openssl-libs-1.0.2k-20.el7_7.ppc64le.rpm s390x: openssl-1.0.2k-20.el7_7.s390x.rpm openssl-debuginfo-1.0.2k-20.el7_7.s390.rpm openssl-debuginfo-1.0.2k-20.el7_7.s390x.rpm openssl-devel-1.0.2k-20.el7_7.s390.rpm openssl-devel-1.0.2k-20.el7_7.s390x.rpm openssl-libs-1.0.2k-20.el7_7.s390.rpm openssl-libs-1.0.2k-20.el7_7.s390x.rpm x86_64: openssl-1.0.2k-20.el7_7.x86_64.rpm openssl-debuginfo-1.0.2k-20.el7_7.i686.rpm openssl-debuginfo-1.0.2k-20.el7_7.x86_64.rpm openssl-devel-1.0.2k-20.el7_7.i686.rpm openssl-devel-1.0.2k-20.el7_7.x86_64.rpm 
openssl-libs-1.0.2k-20.el7_7.i686.rpm openssl-libs-1.0.2k-20.el7_7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.7): ppc64: openssl-debuginfo-1.0.2k-20.el7_7.ppc.rpm openssl-debuginfo-1.0.2k-20.el7_7.ppc64.rpm openssl-perl-1.0.2k-20.el7_7.ppc64.rpm openssl-static-1.0.2k-20.el7_7.ppc.rpm openssl-static-1.0.2k-20.el7_7.ppc64.rpm ppc64le: openssl-debuginfo-1.0.2k-20.el7_7.ppc64le.rpm openssl-perl-1.0.2k-20.el7_7.ppc64le.rpm openssl-static-1.0.2k-20.el7_7.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-20.el7_7.s390.rpm openssl-debuginfo-1.0.2k-20.el7_7.s390x.rpm openssl-perl-1.0.2k-20.el7_7.s390x.rpm openssl-static-1.0.2k-20.el7_7.s390.rpm openssl-static-1.0.2k-20.el7_7.s390x.rpm x86_64: openssl-debuginfo-1.0.2k-20.el7_7.i686.rpm openssl-debuginfo-1.0.2k-20.el7_7.x86_64.rpm openssl-perl-1.0.2k-20.el7_7.x86_64.rpm openssl-static-1.0.2k-20.el7_7.i686.rpm openssl-static-1.0.2k-20.el7_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. 
Note: Red Hat Quay v3.3.2 was not released publicly. Bug Fix(es): * NVD feed fixed in Clair-v2 (clair-jwt image) 3. Solution: Download the release images via: quay.io/redhat/quay:v3.3.3 quay.io/redhat/clair-jwt:v3.3.3 quay.io/redhat/quay-builder:v3.3.3 quay.io/redhat/clair:v3.3.3 4. Bugs fixed (https://bugzilla.redhat.com/): 1905758 - CVE-2020-27831 quay: email notifications authorization bypass 1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display 5. JIRA issues fixed (https://issues.jboss.org/): PROJQUAY-1124 - NVD feed is broken for latest Clair v2 version 6. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html 4.
Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. Bugs fixed (https://bugzilla.redhat.com/): 1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values 5. Description: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 5. 
Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 
- openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 
golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when 
skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade 5. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 11 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 
Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHSA-2021:0037

All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.

Bugs fixed (https://bugzilla.redhat.com/):
1888393 - Alert ElasticsearchBulkRequestsRejectionJumps never gets pending/firing due to there is no `bulk` thread pool.
1890801 - Changes on spec.logStore.elasticsearch.nodeCount not reflected when decreasing the number of nodes
1892794 - Reduce log chatter in cluster logging operator
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1901299 - Change ES Operator CSV to clarify the scope for this Operator
1907519 - [logforward]error_class=ArgumentError error="time must be a Fluent::EventTime (or Integer): Float"
1909614 - Old kibana index causing crashloop
1909616 - Facing error "Cannot authenticate user because admin user is not permitted to login via HTTP" in OCP 4.5.20
1913104 - Placeholder bug for OCP 4.6.0 extras release

5. Solution: See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index

4. Bugs fixed (https://bugzilla.redhat.com/):
1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time
1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time
1906381 - Release of OpenShift Serverless Serving 1.12.0
1906382 - Release of OpenShift Serverless Eventing 1.12.0

5. 8.2) - aarch64, ppc64le, s390x, x86_64 3

Trust: 1.98

sources: NVD: CVE-2020-1971 // VULHUB: VHN-173115 // PACKETSTORM: 160638 // PACKETSTORM: 160605 // PACKETSTORM: 160889 // PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 162130 // PACKETSTORM: 161742 // PACKETSTORM: 161388 // PACKETSTORM: 161003 // PACKETSTORM: 160961 // PACKETSTORM: 160499

AFFECTED PRODUCTS

vendor: oracle | model: business intelligence | scope: eq | version: 5.9.0.0.0 | Trust: 1.0
vendor: oracle | model: communications subscriber-aware load balancer | scope: eq | version: cz8.3 | Trust: 1.0
vendor: oracle | model: essbase | scope: eq | version: 21.2 | Trust: 1.0
vendor: oracle | model: graalvm | scope: eq | version: 19.3.4 | Trust: 1.0
vendor: nodejs | model: node.js | scope: lt | version: 14.15.4 | Trust: 1.0
vendor: nodejs | model: node.js | scope: gte | version: 10.0.0 | Trust: 1.0
vendor: oracle | model: jd edwards world security | scope: eq | version: a9.4 | Trust: 1.0
vendor: oracle | model: communications session border controller | scope: eq | version: cz8.3 | Trust: 1.0
vendor: oracle | model: mysql server | scope: lte | version: 5.7.32 | Trust: 1.0
vendor: oracle | model: enterprise session border controller | scope: eq | version: cz8.2 | Trust: 1.0
vendor: netapp | model: snapcenter | scope: eq | version: - | Trust: 1.0
vendor: oracle | model: communications session router | scope: eq | version: cz8.4 | Trust: 1.0
vendor: netapp | model: manageability software development kit | scope: eq | version: - | Trust: 1.0
vendor: nodejs | model: node.js | scope: lte | version: 12.12.0 | Trust: 1.0
vendor: oracle | model: communications subscriber-aware load balancer | scope: eq | version: cz8.4 | Trust: 1.0
vendor: openssl | model: openssl | scope: lt | version: 1.1.1i | Trust: 1.0
vendor: oracle | model: peoplesoft enterprise peopletools | scope: eq | version: 8.58 | Trust: 1.0
vendor: oracle | model: jd edwards enterpriseone tools | scope: lt | version: 9.2.5.3 | Trust: 1.0
vendor: netapp | model: oncommand workflow automation | scope: eq | version: - | Trust: 1.0
vendor: netapp | model: e-series santricity os controller | scope: gte | version: 11.0.0 | Trust: 1.0
vendor: oracle | model: communications session border controller | scope: eq | version: cz8.4 | Trust: 1.0
vendor: oracle | model: mysql server | scope: gte | version: 8.0.15 | Trust: 1.0
vendor: netapp | model: clustered data ontap antivirus connector | scope: eq | version: - | Trust: 1.0
vendor: oracle | model: enterprise communications broker | scope: eq | version: pcz3.2 | Trust: 1.0
vendor: oracle | model: http server | scope: eq | version: 12.2.1.4.0 | Trust: 1.0
vendor: oracle | model: enterprise manager for storage management | scope: eq | version: 13.4.0.0 | Trust: 1.0
vendor: oracle | model: business intelligence | scope: eq | version: 12.2.1.3.0 | Trust: 1.0
vendor: nodejs | model: node.js | scope: gte | version: 12.0.0 | Trust: 1.0
vendor: netapp | model: hci storage node | scope: eq | version: - | Trust: 1.0
vendor: openssl | model: openssl | scope: gte | version: 1.1.1 | Trust: 1.0
vendor: nodejs | model: node.js | scope: lt | version: 15.5.0 | Trust: 1.0
vendor: oracle | model: enterprise manager ops center | scope: eq | version: 12.4.0.0 | Trust: 1.0
vendor: netapp | model: aff a250 | scope: eq | version: - | Trust: 1.0
vendor: nodejs | model: node.js | scope: lte | version: 14.14.0 | Trust: 1.0
vendor: oracle | model: mysql server | scope: lte | version: 8.0.22 | Trust: 1.0
vendor: netapp | model: plug-in for symantec netbackup | scope: eq | version: - | Trust: 1.0
vendor: netapp | model: hci compute node | scope: eq | version: - | Trust: 1.0
vendor: debian | model: linux | scope: eq | version: 9.0 | Trust: 1.0
vendor: oracle | model: communications session router | scope: eq | version: cz8.3 | Trust: 1.0
vendor: fedoraproject | model: fedora | scope: eq | version: 33 | Trust: 1.0
vendor: debian | model: linux | scope: eq | version: 10.0 | Trust: 1.0
vendor: oracle | model: enterprise session border controller | scope: eq | version: cz8.4 | Trust: 1.0
vendor: openssl | model: openssl | scope: lt | version: 1.0.2x | Trust: 1.0
vendor: siemens | model: sinec infrastructure network services | scope: lt | version: 1.0.1.1 | Trust: 1.0
vendor: oracle | model: peoplesoft enterprise peopletools | scope: eq | version: 8.56 | Trust: 1.0
vendor: oracle | model: peoplesoft enterprise peopletools | scope: eq | version: 8.57 | Trust: 1.0
vendor: nodejs | model: node.js | scope: lt | version: 12.20.1 | Trust: 1.0
vendor: netapp | model: e-series santricity os controller | scope: lte | version: 11.60.3 | Trust: 1.0
vendor: oracle | model: business intelligence | scope: eq | version: 5.5.0.0.0 | Trust: 1.0
vendor: netapp | model: data ontap | scope: eq | version: - | Trust: 1.0
vendor: netapp | model: active iq unified manager | scope: eq | version: - | Trust: 1.0
vendor: oracle | model: communications session router | scope: eq | version: cz8.2 | Trust: 1.0
vendor: netapp | model: oncommand insight | scope: eq | version: - | Trust: 1.0
vendor: fedoraproject | model: fedora | scope: eq | version: 32 | Trust: 1.0
vendor: tenable | model: nessus network monitor | scope: lt | version: 5.13.1 | Trust: 1.0
vendor: netapp | model: solidfire | scope: eq | version: - | Trust: 1.0
vendor: nodejs | model: node.js | scope: gte | version: 10.13.0 | Trust: 1.0
vendor: tenable | model: log correlation engine | scope: lt | version: 6.0.9 | Trust: 1.0
vendor: oracle | model: mysql | scope: lte | version: 8.0.22 | Trust: 1.0
vendor: oracle | model: communications diameter intelligence hub | scope: gte | version: 8.2.0 | Trust: 1.0
vendor: oracle | model: communications subscriber-aware load balancer | scope: eq | version: cz8.2 | Trust: 1.0
vendor: oracle | model: communications diameter intelligence hub | scope: lte | version: 8.2.3 | Trust: 1.0
vendor: nodejs | model: node.js | scope: gte | version: 14.0.0 | Trust: 1.0
vendor: oracle | model: communications cloud native core network function cloud native environment | scope: eq | version: 1.10.0 | Trust: 1.0
vendor: oracle | model: communications diameter intelligence hub | scope: gte | version: 8.0.0 | Trust: 1.0
vendor: nodejs | model: node.js | scope: lt | version: 10.23.1 | Trust: 1.0
vendor: openssl | model: openssl | scope: gte | version: 1.0.2 | Trust: 1.0
vendor: oracle | model: enterprise manager base platform | scope: eq | version: 13.4.0.0 | Trust: 1.0
vendor: netapp | model: santricity smi-s provider | scope: eq | version: - | Trust: 1.0
vendor: netapp | model: hci management node | scope: eq | version: - | Trust: 1.0
vendor: oracle | model: communications session border controller | scope: eq | version: cz8.2 | Trust: 1.0
vendor: oracle | model: business intelligence | scope: eq | version: 12.2.1.4.0 | Trust: 1.0
vendor: oracle | model: graalvm | scope: eq | version: 20.3.0 | Trust: 1.0
vendor: nodejs | model: node.js | scope: lte | version: 10.12.0 | Trust: 1.0
vendor: oracle | model: enterprise session border controller | scope: eq | version: cz8.3 | Trust: 1.0
vendor: nodejs | model: node.js | scope: gte | version: 12.13.0 | Trust: 1.0
vendor: oracle | model: api gateway | scope: eq | version: 11.1.2.4.0 | Trust: 1.0
vendor: oracle | model: enterprise manager base platform | scope: eq | version: 13.3.0.0 | Trust: 1.0
vendor: oracle | model: enterprise communications broker | scope: eq | version: pcz3.1 | Trust: 1.0
vendor: nodejs | model: node.js | scope: gte | version: 15.0.0 | Trust: 1.0
vendor: oracle | model: enterprise communications broker | scope: eq | version: pcz3.3 | Trust: 1.0
vendor: nodejs | model: node.js | scope: gte | version: 14.15.0 | Trust: 1.0
vendor: oracle | model: communications unified session manager | scope: eq | version: scz8.2.5 | Trust: 1.0
vendor: oracle | model: communications diameter intelligence hub | scope: lte | version: 8.1.0 | Trust: 1.0
vendor: netapp | model: ef600a | scope: eq | version: - | Trust: 1.0

sources: NVD: CVE-2020-1971

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1971
value: MEDIUM

Trust: 1.0

VULHUB: VHN-173115
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1971
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-173115
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1971
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-173115 // NVD: CVE-2020-1971

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

sources: VULHUB: VHN-173115 // NVD: CVE-2020-1971

TYPE

code execution, xss

Trust: 0.2

sources: PACKETSTORM: 161727 // PACKETSTORM: 160961

EXTERNAL IDS

db: NVD | id: CVE-2020-1971 | Trust: 2.2
db: TENABLE | id: TNS-2021-10 | Trust: 1.1
db: TENABLE | id: TNS-2021-09 | Trust: 1.1
db: TENABLE | id: TNS-2020-11 | Trust: 1.1
db: SIEMENS | id: SSA-389290 | Trust: 1.1
db: OPENWALL | id: OSS-SECURITY/2021/09/14/2 | Trust: 1.1
db: PULSESECURE | id: SA44676 | Trust: 1.1
db: PACKETSTORM | id: 160605 | Trust: 0.2
db: PACKETSTORM | id: 161003 | Trust: 0.2
db: PACKETSTORM | id: 161388 | Trust: 0.2
db: PACKETSTORM | id: 161727 | Trust: 0.2
db: PACKETSTORM | id: 160499 | Trust: 0.2
db: PACKETSTORM | id: 162130 | Trust: 0.2
db: PACKETSTORM | id: 160638 | Trust: 0.2
db: PACKETSTORM | id: 162142 | Trust: 0.2
db: PACKETSTORM | id: 160961 | Trust: 0.2
db: PACKETSTORM | id: 160644 | Trust: 0.1
db: PACKETSTORM | id: 161382 | Trust: 0.1
db: PACKETSTORM | id: 161525 | Trust: 0.1
db: PACKETSTORM | id: 160916 | Trust: 0.1
db: PACKETSTORM | id: 161379 | Trust: 0.1
db: PACKETSTORM | id: 160636 | Trust: 0.1
db: PACKETSTORM | id: 161004 | Trust: 0.1
db: PACKETSTORM | id: 160654 | Trust: 0.1
db: PACKETSTORM | id: 161387 | Trust: 0.1
db: PACKETSTORM | id: 160651 | Trust: 0.1
db: PACKETSTORM | id: 160569 | Trust: 0.1
db: PACKETSTORM | id: 160704 | Trust: 0.1
db: PACKETSTORM | id: 161916 | Trust: 0.1
db: PACKETSTORM | id: 161389 | Trust: 0.1
db: PACKETSTORM | id: 160523 | Trust: 0.1
db: PACKETSTORM | id: 161390 | Trust: 0.1
db: PACKETSTORM | id: 160414 | Trust: 0.1
db: PACKETSTORM | id: 160561 | Trust: 0.1
db: PACKETSTORM | id: 160639 | Trust: 0.1
db: PACKETSTORM | id: 161011 | Trust: 0.1
db: PACKETSTORM | id: 160882 | Trust: 0.1
db: VULHUB | id: VHN-173115 | Trust: 0.1
db: PACKETSTORM | id: 160889 | Trust: 0.1
db: PACKETSTORM | id: 161742 | Trust: 0.1

sources: VULHUB: VHN-173115 // PACKETSTORM: 160638 // PACKETSTORM: 160605 // PACKETSTORM: 160889 // PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 162130 // PACKETSTORM: 161742 // PACKETSTORM: 161388 // PACKETSTORM: 161003 // PACKETSTORM: 160961 // PACKETSTORM: 160499 // NVD: CVE-2020-1971

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.1

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44676

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20201218-0005/

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20210513-0002/

Trust: 1.1

url:https://www.openssl.org/news/secadv/20201208.txt

Trust: 1.1

url:https://www.tenable.com/security/tns-2020-11

Trust: 1.1

url:https://www.tenable.com/security/tns-2021-09

Trust: 1.1

url:https://www.tenable.com/security/tns-2021-10

Trust: 1.1

url:https://www.debian.org/security/2020/dsa-4807

Trust: 1.1

url:https://security.freebsd.org/advisories/freebsd-sa-20:33.openssl.asc

Trust: 1.1

url:https://security.gentoo.org/glsa/202012-13

Trust: 1.1

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2021/09/14/2

Trust: 1.1

url:https://bugzilla.redhat.com/

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 1.1

url:https://access.redhat.com/security/team/contact/

Trust: 1.1

url:https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/

Trust: 1.0

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920

Trust: 1.0

url:https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3cdev.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/

Trust: 1.0

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e

Trust: 1.0

url:https://security.netapp.com/advisory/ntap-20240621-0006/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-1971

Trust: 0.9

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20218

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-19221

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-1751

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-16168

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-24659

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9327

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-5018

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14422

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-19906

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20387

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-1752

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-6405

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-13632

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-10029

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-13630

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-13631

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17006

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-12749

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12401

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12402

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-17006

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11719

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12401

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-17023

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17023

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-12749

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12400

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-11756

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11756

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12243

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11727

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12243

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-11719

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-11727

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12403

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-17498

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17498

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12402

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9925

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9802

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9895

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8625

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-15165

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14382

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8812

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3899

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8819

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3867

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8720

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9893

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8808

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3902

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3900

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9805

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19906

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8820

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9807

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8769

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8710

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8813

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9850

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8811

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5018

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9803

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9862

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3885

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-15503

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-16935

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20916

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10018

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8835

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8764

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8844

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3865

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3864

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20387

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14391

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3862

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3901

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8823

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19221

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3895

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-8492

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11793

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9894

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8816

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9843

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8771

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3897

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9806

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8814

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8743

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9915

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16168

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8815

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8783

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20807

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8766

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3868

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8846

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-3894

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8782

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12723

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20228

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12723

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20191

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20180

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20178

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5188

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-15999

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3156

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5094

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5188

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25705

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29661

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14351

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-9283

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-28362

Trust: 0.2

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e

Trust: 0.1

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/

Trust: 0.1

url:https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3ccommits.pulsar.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3cdev.tomcat.apache.org%3e

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5639

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5623

Trust: 0.1

url:https://issues.jboss.org/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0050

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27831

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8743

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8769

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27832

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8764

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20916

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8625

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20253

Trust: 0.1

url:https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35678

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1079

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8625

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-12652

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17546

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17546

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12652

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3447

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-5313

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-5313

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14422

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25211

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1129

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25645

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25656

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28374

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14351

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20265

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0427

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7053

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19126

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0427

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16300

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14466

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10105

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25684

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15166

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26160

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16230

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14467

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10103

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14469

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11068

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16229

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14882

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16227

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25683

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14461

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14881

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14463

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16228

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14879

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29652

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14469

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10105

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14880

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12321

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14461

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14466

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14882

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16227

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16230

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14467

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14559

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14462

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14880

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25682

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16300

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14462

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16229

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8622

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25685

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16451

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10103

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16228

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14463

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25686

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25687

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16451

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14879

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14470

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25681

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14470

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11068

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16452

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2308

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2306

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2306

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25641

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2308

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2307

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2304

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2309

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2305

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2304

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2309

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2307

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0039

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1752

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0146

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1730

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24553

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13631

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13632

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24553

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10029

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24659

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28366

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13630

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28366

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28367

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28367

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5422

Trust: 0.1

sources: VULHUB: VHN-173115 // PACKETSTORM: 160638 // PACKETSTORM: 160605 // PACKETSTORM: 160889 // PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 162130 // PACKETSTORM: 161742 // PACKETSTORM: 161388 // PACKETSTORM: 161003 // PACKETSTORM: 160961 // PACKETSTORM: 160499 // NVD: CVE-2020-1971

CREDITS

Red Hat

Trust: 1.1

sources: PACKETSTORM: 160638 // PACKETSTORM: 160605 // PACKETSTORM: 160889 // PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 162130 // PACKETSTORM: 161742 // PACKETSTORM: 161388 // PACKETSTORM: 161003 // PACKETSTORM: 160961 // PACKETSTORM: 160499

SOURCES

db: VULHUB, id: VHN-173115
db: PACKETSTORM, id: 160638
db: PACKETSTORM, id: 160605
db: PACKETSTORM, id: 160889
db: PACKETSTORM, id: 161727
db: PACKETSTORM, id: 162142
db: PACKETSTORM, id: 162130
db: PACKETSTORM, id: 161742
db: PACKETSTORM, id: 161388
db: PACKETSTORM, id: 161003
db: PACKETSTORM, id: 160961
db: PACKETSTORM, id: 160499
db: NVD, id: CVE-2020-1971

LAST UPDATE DATE

2025-04-27T22:12:09.903000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-173115, date: 2022-08-29T00:00:00
db: NVD, id: CVE-2020-1971, date: 2024-11-21T05:11:45.673

SOURCES RELEASE DATE

db: VULHUB, id: VHN-173115, date: 2020-12-08T00:00:00
db: PACKETSTORM, id: 160638, date: 2020-12-21T17:29:16
db: PACKETSTORM, id: 160605, date: 2020-12-17T18:21:28
db: PACKETSTORM, id: 160889, date: 2021-01-11T16:29:48
db: PACKETSTORM, id: 161727, date: 2021-03-09T16:25:11
db: PACKETSTORM, id: 162142, date: 2021-04-09T15:06:13
db: PACKETSTORM, id: 162130, date: 2021-04-08T14:00:00
db: PACKETSTORM, id: 161742, date: 2021-03-10T16:02:43
db: PACKETSTORM, id: 161388, date: 2021-02-11T15:25:46
db: PACKETSTORM, id: 161003, date: 2021-01-19T14:42:53
db: PACKETSTORM, id: 160961, date: 2021-01-15T15:06:55
db: PACKETSTORM, id: 160499, date: 2020-12-15T15:39:39
db: NVD, id: CVE-2020-1971, date: 2020-12-08T16:15:11.730