Details of VAR-202104-1841

ID

VAR-202104-1841

CVE

CVE-2020-10001

TITLE

macOS Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-017322

DESCRIPTION

An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. macOS There is an input validation vulnerability in.Information may be obtained. SUSE Linux Enterprise Desktop is an enterprise server version of Linux desktop operating system of German SUSE company. There is a security vulnerability in SUSE Linux Enterprise Desktop. Attackers can use this vulnerability to forcibly read invalid addresses through the Extension field of CUPS to trigger denial of service or obtain sensitive information. A security issue was found in cups before version 2.3.3op2. A missing length check in the ippReadIO function could lead to a buffer over-read. Bugs fixed (https://bugzilla.redhat.com/): 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2021:4393-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4393 Issue date: 2021-11-09 CVE Names: CVE-2020-10001 ==================================================================== 1. Summary: An update for cups is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix(es): * cups: access to uninitialized buffer in ipp.c (CVE-2020-10001) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the cupsd service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1782216 - Print queue is paused after ipp backend ends with CUPS_BACKEND_STOP 1921680 - CVE-2020-10001 cups: access to uninitialized buffer in ipp.c 1938384 - CUPS doesn't start if sssd starts after cupsd 1941437 - cupsd doesn't log job ids when logging into journal 1955964 - PreserveJobHistory doesn't work with seconds 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: cups-2.2.6-40.el8.aarch64.rpm cups-client-2.2.6-40.el8.aarch64.rpm cups-client-debuginfo-2.2.6-40.el8.aarch64.rpm cups-debuginfo-2.2.6-40.el8.aarch64.rpm cups-debugsource-2.2.6-40.el8.aarch64.rpm cups-devel-2.2.6-40.el8.aarch64.rpm cups-ipptool-2.2.6-40.el8.aarch64.rpm cups-ipptool-debuginfo-2.2.6-40.el8.aarch64.rpm cups-libs-debuginfo-2.2.6-40.el8.aarch64.rpm cups-lpd-2.2.6-40.el8.aarch64.rpm cups-lpd-debuginfo-2.2.6-40.el8.aarch64.rpm noarch: cups-filesystem-2.2.6-40.el8.noarch.rpm ppc64le: cups-2.2.6-40.el8.ppc64le.rpm cups-client-2.2.6-40.el8.ppc64le.rpm cups-client-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-debugsource-2.2.6-40.el8.ppc64le.rpm cups-devel-2.2.6-40.el8.ppc64le.rpm cups-ipptool-2.2.6-40.el8.ppc64le.rpm cups-ipptool-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-libs-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-lpd-2.2.6-40.el8.ppc64le.rpm cups-lpd-debuginfo-2.2.6-40.el8.ppc64le.rpm s390x: cups-2.2.6-40.el8.s390x.rpm cups-client-2.2.6-40.el8.s390x.rpm cups-client-debuginfo-2.2.6-40.el8.s390x.rpm cups-debuginfo-2.2.6-40.el8.s390x.rpm cups-debugsource-2.2.6-40.el8.s390x.rpm cups-devel-2.2.6-40.el8.s390x.rpm cups-ipptool-2.2.6-40.el8.s390x.rpm cups-ipptool-debuginfo-2.2.6-40.el8.s390x.rpm cups-libs-debuginfo-2.2.6-40.el8.s390x.rpm cups-lpd-2.2.6-40.el8.s390x.rpm cups-lpd-debuginfo-2.2.6-40.el8.s390x.rpm x86_64: cups-2.2.6-40.el8.x86_64.rpm cups-client-2.2.6-40.el8.x86_64.rpm cups-client-debuginfo-2.2.6-40.el8.i686.rpm cups-client-debuginfo-2.2.6-40.el8.x86_64.rpm cups-debuginfo-2.2.6-40.el8.i686.rpm cups-debuginfo-2.2.6-40.el8.x86_64.rpm cups-debugsource-2.2.6-40.el8.i686.rpm cups-debugsource-2.2.6-40.el8.x86_64.rpm cups-devel-2.2.6-40.el8.i686.rpm cups-devel-2.2.6-40.el8.x86_64.rpm cups-ipptool-2.2.6-40.el8.x86_64.rpm cups-ipptool-debuginfo-2.2.6-40.el8.i686.rpm cups-ipptool-debuginfo-2.2.6-40.el8.x86_64.rpm cups-libs-debuginfo-2.2.6-40.el8.i686.rpm cups-libs-debuginfo-2.2.6-40.el8.x86_64.rpm cups-lpd-2.2.6-40.el8.x86_64.rpm cups-lpd-debuginfo-2.2.6-40.el8.i686.rpm cups-lpd-debuginfo-2.2.6-40.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: cups-2.2.6-40.el8.src.rpm aarch64: cups-client-debuginfo-2.2.6-40.el8.aarch64.rpm cups-debuginfo-2.2.6-40.el8.aarch64.rpm cups-debugsource-2.2.6-40.el8.aarch64.rpm cups-ipptool-debuginfo-2.2.6-40.el8.aarch64.rpm cups-libs-2.2.6-40.el8.aarch64.rpm cups-libs-debuginfo-2.2.6-40.el8.aarch64.rpm cups-lpd-debuginfo-2.2.6-40.el8.aarch64.rpm ppc64le: cups-client-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-debugsource-2.2.6-40.el8.ppc64le.rpm cups-ipptool-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-libs-2.2.6-40.el8.ppc64le.rpm cups-libs-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-lpd-debuginfo-2.2.6-40.el8.ppc64le.rpm s390x: cups-client-debuginfo-2.2.6-40.el8.s390x.rpm cups-debuginfo-2.2.6-40.el8.s390x.rpm cups-debugsource-2.2.6-40.el8.s390x.rpm cups-ipptool-debuginfo-2.2.6-40.el8.s390x.rpm cups-libs-2.2.6-40.el8.s390x.rpm cups-libs-debuginfo-2.2.6-40.el8.s390x.rpm cups-lpd-debuginfo-2.2.6-40.el8.s390x.rpm x86_64: cups-client-debuginfo-2.2.6-40.el8.i686.rpm cups-client-debuginfo-2.2.6-40.el8.x86_64.rpm cups-debuginfo-2.2.6-40.el8.i686.rpm cups-debuginfo-2.2.6-40.el8.x86_64.rpm cups-debugsource-2.2.6-40.el8.i686.rpm cups-debugsource-2.2.6-40.el8.x86_64.rpm cups-ipptool-debuginfo-2.2.6-40.el8.i686.rpm cups-ipptool-debuginfo-2.2.6-40.el8.x86_64.rpm cups-libs-2.2.6-40.el8.i686.rpm cups-libs-2.2.6-40.el8.x86_64.rpm cups-libs-debuginfo-2.2.6-40.el8.i686.rpm cups-libs-debuginfo-2.2.6-40.el8.x86_64.rpm cups-lpd-debuginfo-2.2.6-40.el8.i686.rpm cups-lpd-debuginfo-2.2.6-40.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-10001 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYrdptzjgjWX9erEAQifnA//fTvcvlIMMRvl8mpYAZuZ9Tv8ZLKYT62j LfH/kVsjq5mJDCPUErwq7XgWN0RfhXaV7dPvB/FbCR1Vh4xtrQEev9JsOkP4g/3z WeuNvlfEtgNcSTSeVJEgIDPi1Dqr4PfNfcy81PWzU0T9K2i17BAIlqVcE7N8Zq71 azP5IT5M7xZU21PbqnDy5ULgb5CVtexslxemufa7kkeRDTl8FjeSq7nWXV4DWAjP 2W9/wzHfGgXtMn4wp/64knWPFROocKiwhj69YTGgPecvdvWHnIkZ9cwWSpAT0LIj SIxRTZoGyusouZZV8gchVS9qtsl4VP1B15QF2C1FK8kiJfEaxeJVH9Kf89QLsX8s ZtVMW4WlqWyBI0kmCL4Yz/bxkBnQuhzgbb+tO4347gpaXpW6zwTu8qp2iYBYHFyX EQFaxYTXaV9kxHgkDNqnw5m5Fi+Q/hz7sZcX8485BbDeqbqqVdi2QdvCsCtPcIgj GTp0dTOwoJc/3o35e6cv4uNdQcqxfgfTBhhkqWOS4jzDRNQL5MOrTKql3D/NJSA3 jb/RahyZkSGxYKTwae4qZKEixeL4hNyU+hYZHUYKb4VxAsn9Y9iOGO43u+LLw4Rp 1e/HKPV+cv741Ph4POP8cgrCe2FZNO4sRU4Ac6bL2uPPDZBhYyQYaHEsB9dFSEzc SCmYx2xwC+4=1Pv7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Solution: For details on how to install and use MTC, refer to: https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1168 - Disable hostname verification in syslog TLS settings LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd LOG-1375 - ssl_ca_cert should be optional LOG-1378 - CLO should support sasl_plaintext(Password over http) LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate LOG-1494 - Syslog output is serializing json incorrectly LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing LOG-1735 - Regression introducing flush_at_shutdown LOG-1774 - The collector logs should be excluded in fluent.conf LOG-1776 - fluentd total_limit_size sets value beyond available space LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL LOG-1903 - Fix the Display of ClusterLogging type in OLM LOG-1911 - CLF API changes to Opt-in to multiline error detection LOG-1918 - Alert `FluentdNodeDown` always firing LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding 6

Trust: 2.16

sources: NVD: CVE-2020-10001 // JVNDB: JVNDB-2020-017322 // VULHUB: VHN-162436 // VULMON: CVE-2020-10001 // PACKETSTORM: 165296 // PACKETSTORM: 164849 // PACKETSTORM: 165631 // PACKETSTORM: 164967

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	11.1.0	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-017322 // NVD: CVE-2020-10001

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10001
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-10001
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202102-206
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-162436
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-10001
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-162436
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-10001
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-10001
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-162436 // JVNDB: JVNDB-2020-017322 // CNNVD: CNNVD-202102-206 // NVD: CVE-2020-10001

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-162436 // JVNDB: JVNDB-2020-017322 // NVD: CVE-2020-10001

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-206

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202102-206

PATCH

title:	HT212011	url:	https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html	Trust: 0.8
title:	SUSE Linux Enterprise Desktop Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140705	Trust: 0.6
title:	Arch Linux Advisories: [ASA-202102-13] cups: information disclosure	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202102-13	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-10001 log	Trust: 0.1

sources: VULMON: CVE-2020-10001 // JVNDB: JVNDB-2020-017322 // CNNVD: CNNVD-202102-206

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10001	Trust: 3.8
db:	PACKETSTORM	id:	165296	Trust: 0.8
db:	PACKETSTORM	id:	164849	Trust: 0.8
db:	PACKETSTORM	id:	165631	Trust: 0.8
db:	PACKETSTORM	id:	164967	Trust: 0.8
db:	JVN	id:	JVNVU95288122	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-017322	Trust: 0.8
db:	CNNVD	id:	CNNVD-202102-206	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.3767	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2675	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0393	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4254	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3905	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0245	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3624	Trust: 0.6
db:	CS-HELP	id:	SB2022060108	Trust: 0.6
db:	CS-HELP	id:	SB2022053129	Trust: 0.6
db:	VULHUB	id:	VHN-162436	Trust: 0.1
db:	VULMON	id:	CVE-2020-10001	Trust: 0.1

sources: VULHUB: VHN-162436 // VULMON: CVE-2020-10001 // JVNDB: JVNDB-2020-017322 // PACKETSTORM: 165296 // PACKETSTORM: 164849 // PACKETSTORM: 165631 // PACKETSTORM: 164967 // CNNVD: CNNVD-202102-206 // NVD: CVE-2020-10001

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-10001	Trust: 1.8
url:	https://support.apple.com/en-us/ht212011	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html	Trust: 1.7
url:	http://jvn.jp/vu/jvnvu95288122/index.html	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.0245	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3624	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3767	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3905	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060108	Trust: 0.6
url:	https://packetstormsecurity.com/files/165296/red-hat-security-advisory-2021-5137-03.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0393	Trust: 0.6
url:	https://packetstormsecurity.com/files/165631/red-hat-security-advisory-2022-0202-04.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/164849/red-hat-security-advisory-2021-4393-03.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4254	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cups-out-of-bounds-memory-reading-via-extension-field-34465	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2675	Trust: 0.6
url:	https://packetstormsecurity.com/files/164967/red-hat-security-advisory-2021-4627-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022053129	Trust: 0.6
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-10001	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16135	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3200	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-25013	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25012	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-35522	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5827	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-35524	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25013	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25009	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-27645	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-33574	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-13435	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-5827	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-24370	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-14145	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-13751	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-25014	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-19603	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14145	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-25012	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-35521	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-35942	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-17594	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3572	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-12762	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-36086	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3778	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13750	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13751	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-22898	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12762	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-16135	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-36084	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-17541	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3800	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17594	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-36087	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-36331	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-31535	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3445	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13435	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19603	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-22925	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-36330	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18218	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-20232	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-20266	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20838	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-22876	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-20231	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-36332	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-14155	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25010	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20838	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25014	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-36085	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-33560	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-17595	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3481	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-42574	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14155	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-25009	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-25010	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-35523	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-28153	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-13750	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3426	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-18218	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3580	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3796	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17595	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-24504	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-27777	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20239	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36158	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35448	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3635	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20284	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36386	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20673	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0427	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-24586	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3348	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-26140	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3487	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-26146	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-31440	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3732	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-0129	Trust: 0.2
url:	https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-43527	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-24502	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3564	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-0427	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-23133	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-26144	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3679	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36312	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24370	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-29368	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-24588	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-29646	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-29155	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3489	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-29660	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3712	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-26139	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-28971	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-23841	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14615	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-26143	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3600	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-26145	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-20673	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-23840	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33200	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-29650	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33033	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20194	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-26147	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-31916	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-17541	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24503	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14615	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24502	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-31829	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3573	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20197	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-26141	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-28950	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-24587	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-24503	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3659	Trust: 0.2
url:	https://security.archlinux.org/asa-202102-13	Trust: 0.1
url:	https://security.archlinux.org/cve-2020-10001	Trust: 0.1
url:	https://access.redhat.com/security/vulnerabilities/rhsb-2021-009	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44228	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5137	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4393	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37750	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27823	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3733	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1870	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3575	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30758	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13558	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15389	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33938	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-5727	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33929	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5785	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41617	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30665	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30689	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20847	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30682	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33928	Trust: 0.1
url:	https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22946	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-18032	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1801	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33930	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1765	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4658	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-26927	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20847	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27918	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30795	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-5785	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1788	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5727	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30744	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21775	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21806	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27814	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36241	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4658	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13558	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20321	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27842	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1799	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21779	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20271	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3948	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22947	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27828	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12973	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1844	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1871	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29338	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30734	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-26926	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30720	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28650	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24870	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1789	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30663	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30799	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3272	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0202	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15389	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27824	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33194	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4627	Trust: 0.1

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 165296 // PACKETSTORM: 164849 // PACKETSTORM: 165631 // PACKETSTORM: 164967

SOURCES

db:	VULHUB	id:	VHN-162436
db:	VULMON	id:	CVE-2020-10001
db:	JVNDB	id:	JVNDB-2020-017322
db:	PACKETSTORM	id:	165296
db:	PACKETSTORM	id:	164849
db:	PACKETSTORM	id:	165631
db:	PACKETSTORM	id:	164967
db:	CNNVD	id:	CNNVD-202102-206
db:	NVD	id:	CVE-2020-10001

LAST UPDATE DATE

2024-08-14T13:03:58.946000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-162436	date:	2021-11-30T00:00:00
db:	VULMON	id:	CVE-2020-10001	date:	2021-04-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-017322	date:	2022-09-07T08:02:00
db:	CNNVD	id:	CNNVD-202102-206	date:	2022-06-02T00:00:00
db:	NVD	id:	CVE-2020-10001	date:	2021-11-30T21:49:17.823

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-162436	date:	2021-04-02T00:00:00
db:	VULMON	id:	CVE-2020-10001	date:	2021-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-017322	date:	2022-09-07T00:00:00
db:	PACKETSTORM	id:	165296	date:	2021-12-15T15:27:05
db:	PACKETSTORM	id:	164849	date:	2021-11-10T17:06:37
db:	PACKETSTORM	id:	165631	date:	2022-01-20T17:48:29
db:	PACKETSTORM	id:	164967	date:	2021-11-15T17:25:56
db:	CNNVD	id:	CNNVD-202102-206	date:	2021-02-02T00:00:00
db:	NVD	id:	CVE-2020-10001	date:	2021-04-02T18:15:14.357