ID

VAR-202105-1469


CVE

CVE-2018-25014


TITLE

libwebp  Vulnerability in using uninitialized resources in

Trust: 0.8

sources: JVNDB: JVNDB-2018-016583

DESCRIPTION

A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). libwebp There is a vulnerability in the use of uninitialized resources.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. libwebp is an encoding and decoding library for the WebP image format. Versions of libwebp prior to 1.0.1 have security vulnerabilities. The vulnerability stems from the use of a separate variable in the ReadSymbol function. The biggest threats to this vulnerability are data confidentiality and integrity and system availability. For the stable distribution (buster), these problems have been fixed in version 0.6.1-2+deb10u1. We recommend that you upgrade your libwebp packages. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable LOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard LOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1] 6. Summary: The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7 iOS 14.7 and iPadOS 14.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212601. iOS 14.7 released July 19, 2021; iPadOS 14.7 released July 21, 2021 ActionKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A shortcut may be able to bypass Internet permission requirements Description: An input validation issue was addressed with improved input validation. CVE-2021-30763: Zachary Keffaber (@QuickUpdate5) Audio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30781: tr3e AVEVideoEncoder Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30748: George Nosenko CoreAudio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A logic issue was addressed with improved validation. CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab CoreGraphics Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A race condition was addressed with improved state handling. CVE-2021-30786: ryuzaki CoreText Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team Crash Reporter Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2021-30774: Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University CVMS Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to gain root privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications dyld Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved validation. CVE-2021-30768: Linus Henze (pinauten.de) Find My Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to access Find My data Description: A permissions issue was addressed with improved validation. CVE-2021-30804: Csaba Fitzl (@theevilbit) of Offensive Security FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2021-30760: Sunglin of Knownsec 404 team FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative Identity Service Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2021-30773: Linus Henze (pinauten.de) Image Processing Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30802: Matthew Denton of Google Chrome Security ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security ImageIO Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved state management. CVE-2021-30769: Linus Henze (pinauten.de) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A logic issue was addressed with improved validation. CVE-2021-30770: Linus Henze (pinauten.de) libxml2 Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-3518 Measure Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Multiple issues in libwebp Description: Multiple issues were addressed by updating to version 1.2.0. CVE-2018-25010 CVE-2018-25011 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved validation. CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30792: Anonymous working with Trend Micro Zero Day Initiative Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30791: Anonymous working with Trend Micro Zero Day Initiative TCC Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-30758: Christoph Guttandin of Media Codings WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30795: Sergei Glazunov of Google Project Zero WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: This issue was addressed with improved checks. CVE-2021-30797: Ivan Fratric of Google Project Zero WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30799: Sergei Glazunov of Google Project Zero Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30800: vm_call, Nozhdar Abdulkhaleq Shukri Additional recognition Assets We would like to acknowledge Cees Elzinga for their assistance. CoreText We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance. Safari We would like to acknowledge an anonymous researcher for their assistance. Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be "14.7" Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8YACgkQZcsbuWJ6 jjB5LBAAkEy25fNpo8rg42bsyJwWsSQQxPN79JFxQ6L8tqdsM+MZk86dUKtsRQ47 mxarMf4uBwiIOtrGSCGHLIxXAzLqPY47NDhO+ls0dVxGMETkoR/287AeLnw2ITh3 DM0H/pco4hRhPh8neYTMjNPMAgkepx+r7IqbaHWapn42nRC4/2VkEtVGltVDLs3L K0UQP0cjy2w9KvRF33H3uKNCaCTJrVkDBLKWC7rPPpomwp3bfmbQHjs0ixV5Y8l5 3MfNmCuhIt34zAjVELvbE/PUXgkmsECbXHNZOct7ZLAbceneVKtSmynDtoEN0ajM JiJ6j+FCtdfB3xHk3cHqB6sQZm7fDxdK3z91MZvSZwwmdhJeHD/TxcItRlHNOYA1 FSi0Q954DpIqz3Fs4DGE7Vwz0g5+o5qup8cnw9oLXBdqZwWANuLsQlHlioPbcDhl r1DmwtghmDYFUeSMnzHu/iuRepEju+BRMS3ybCm5j+I3kyvAV8pyvqNNRLfJn+w+ Wl/lwXTtXbgsNPR7WJCBJffxB0gOGZaIG1blSGCY89t2if0vD95R5sRsrnaxuqWc qmtRdBfbmjxk/G+6t1sd4wFglTNovHiLIHXh17cwdIWMB35yFs7VA35833/rF4Oo jOF1D12o58uAewxAsK+cTixe7I9U5Awkad2Jz19V3qHnRWGqtVg\x8e1h -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: qt5-qtimageformats security update Advisory ID: RHSA-2021:2328-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2328 Issue date: 2021-06-08 Cross references: 1961742 1961743 1961744 1961745 CVE Names: CVE-2018-25011 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 ===================================================================== 1. Summary: An update for qt5-qtimageformats is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: The Qt Image Formats in an add-on module for the core Qt Gui library that provides support for additional image formats including MNG, TGA, TIFF, WBMP, and WebP. Security Fix(es): * libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011) * libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014) * libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328) * libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1956829 - CVE-2020-36328 libwebp: heap-based buffer overflow in WebPDecode*Into functions 1956843 - CVE-2020-36329 libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c 1956919 - CVE-2018-25011 libwebp: heap-based buffer overflow in PutLE16() 1956927 - CVE-2018-25014 libwebp: use of uninitialized value in ReadSymbol() 6. Package List: Red Hat Enterprise Linux Server (v. 7): Source: qt5-qtimageformats-5.9.7-2.el7_9.src.rpm ppc64: qt5-qtimageformats-5.9.7-2.el7_9.ppc.rpm qt5-qtimageformats-5.9.7-2.el7_9.ppc64.rpm qt5-qtimageformats-debuginfo-5.9.7-2.el7_9.ppc.rpm qt5-qtimageformats-debuginfo-5.9.7-2.el7_9.ppc64.rpm ppc64le: qt5-qtimageformats-5.9.7-2.el7_9.ppc64le.rpm qt5-qtimageformats-debuginfo-5.9.7-2.el7_9.ppc64le.rpm s390x: qt5-qtimageformats-5.9.7-2.el7_9.s390.rpm qt5-qtimageformats-5.9.7-2.el7_9.s390x.rpm qt5-qtimageformats-debuginfo-5.9.7-2.el7_9.s390.rpm qt5-qtimageformats-debuginfo-5.9.7-2.el7_9.s390x.rpm x86_64: qt5-qtimageformats-5.9.7-2.el7_9.i686.rpm qt5-qtimageformats-5.9.7-2.el7_9.x86_64.rpm qt5-qtimageformats-debuginfo-5.9.7-2.el7_9.i686.rpm qt5-qtimageformats-debuginfo-5.9.7-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: qt5-qtimageformats-doc-5.9.7-2.el7_9.noarch.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: qt5-qtimageformats-5.9.7-2.el7_9.src.rpm x86_64: qt5-qtimageformats-5.9.7-2.el7_9.i686.rpm qt5-qtimageformats-5.9.7-2.el7_9.x86_64.rpm qt5-qtimageformats-debuginfo-5.9.7-2.el7_9.i686.rpm qt5-qtimageformats-debuginfo-5.9.7-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: qt5-qtimageformats-doc-5.9.7-2.el7_9.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-25011 https://access.redhat.com/security/cve/CVE-2018-25014 https://access.redhat.com/security/cve/CVE-2020-36328 https://access.redhat.com/security/cve/CVE-2020-36329 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYL/yfNzjgjWX9erEAQiqXw/9HBTADT69X6MtPfJT3nEMponvcebRj7DY 6BpTyvPkqDlW/3t/cW3IZ4zw7CXxvpcUTX0KGc5cRSuGcyFr6gWModlpMhhLQsyH SLqyoR7wNr8pAFWNx4qQWSQbUtAQBiiSv2+4qlge/Sgg/JepzGF8458RcoVuWvRm 8lbwSwIgkck+0+6DW9zzRygkrTJSZXClZQevBRpdfyxMXFDpflfHTSoK/0HzcP+H gEPsnKwPmdRssROQUczbyjr3WwTQivMTrlh6ippGjbDwrg/dJ1z3LfgD/i+3/pM2 1t3B97bIqLoXkPqBEoxZ6Lenw+re9LffsnGcwF1xfn0NjuxS/lT8MXHQAvLt8/lh cBfCSgfwtv08hWK7Xme4kU/fG0e30ae+VqnI8cjAH1/yA4gNj2ZrVn8O/T9XKewJ NWSP97Yk9TdApHrWLbzcyXzXfx+KH473fbVvCXogSYKEu5yoMLK8yfNieU8Dc0qZ l0oVEiC9Z0BJI+xTGfEb1EfBiBmxqGUyk6Na3VaiOkhoJoI1MTcux5YYHA4GBmzl 9m6cqpNeZ+didTUNiXOgVo9ksAhpQk22AbZswNYVxy9pCiaRXt2Ah4I5OXijYiLu zkqrEU1ZwLr8EbBSRzFU2UBp+Wf/Vbp8t3pltYPJqc3vAFgvI2dA2luS0f+jIi4V xUr9Mv4P1kM= =o8wl -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.34

sources: NVD: CVE-2018-25014 // JVNDB: JVNDB-2018-016583 // VULHUB: VHN-391906 // VULMON: CVE-2018-25014 // PACKETSTORM: 169076 // PACKETSTORM: 165296 // PACKETSTORM: 165288 // PACKETSTORM: 165631 // PACKETSTORM: 163645 // PACKETSTORM: 163028

AFFECTED PRODUCTS

vendor:redhatmodel:enterprise linuxscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:webmprojectmodel:libwebpscope:ltversion:1.0.1

Trust: 1.0

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:the webmmodel:libwebpscope: - version: -

Trust: 0.8

vendor:レッドハットmodel:red hat enterprise linuxscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:netappmodel:ontap select deploy administration utilityscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-016583 // NVD: CVE-2018-25014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-25014
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-25014
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202105-1379
value: CRITICAL

Trust: 0.6

VULHUB: VHN-391906
value: HIGH

Trust: 0.1

VULMON: CVE-2018-25014
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-25014
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-391906
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-25014
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-25014
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-391906 // VULMON: CVE-2018-25014 // JVNDB: JVNDB-2018-016583 // CNNVD: CNNVD-202105-1379 // NVD: CVE-2018-25014

PROBLEMTYPE DATA

problemtype:CWE-908

Trust: 1.1

problemtype:Use of uninitialized resources (CWE-908) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-391906 // JVNDB: JVNDB-2018-016583 // NVD: CVE-2018-25014

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1379

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202105-1379

PATCH

title:HT212601 Red hat Red Hat Bugzillaurl:https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html

Trust: 0.8

title:libwebp Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151878

Trust: 0.6

title:Amazon Linux 2: ALAS2-2021-1679url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1679

Trust: 0.1

title:Debian Security Advisories: DSA-4930-1 libwebp -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=6dad0021173658916444dfc89f8d2495

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225069 - Security Advisory

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2018-25014

Trust: 0.1

sources: VULMON: CVE-2018-25014 // JVNDB: JVNDB-2018-016583 // CNNVD: CNNVD-202105-1379

EXTERNAL IDS

db:NVDid:CVE-2018-25014

Trust: 4.0

db:PACKETSTORMid:165631

Trust: 0.8

db:PACKETSTORMid:163028

Trust: 0.8

db:JVNDBid:JVNDB-2018-016583

Trust: 0.8

db:PACKETSTORMid:164842

Trust: 0.7

db:PACKETSTORMid:164967

Trust: 0.7

db:PACKETSTORMid:168042

Trust: 0.7

db:PACKETSTORMid:165286

Trust: 0.7

db:CNNVDid:CNNVD-202105-1379

Trust: 0.7

db:PACKETSTORMid:163645

Trust: 0.7

db:AUSCERTid:ESB-2021.2036

Trust: 0.6

db:AUSCERTid:ESB-2022.0245

Trust: 0.6

db:AUSCERTid:ESB-2021.2485.2

Trust: 0.6

db:AUSCERTid:ESB-2021.1880

Trust: 0.6

db:AUSCERTid:ESB-2021.2102

Trust: 0.6

db:AUSCERTid:ESB-2021.1965

Trust: 0.6

db:AUSCERTid:ESB-2021.3905

Trust: 0.6

db:AUSCERTid:ESB-2022.3977

Trust: 0.6

db:AUSCERTid:ESB-2021.4254

Trust: 0.6

db:AUSCERTid:ESB-2021.3789

Trust: 0.6

db:AUSCERTid:ESB-2021.4229

Trust: 0.6

db:CS-HELPid:SB2021072216

Trust: 0.6

db:CS-HELPid:SB2021060725

Trust: 0.6

db:CS-HELPid:SB2021061420

Trust: 0.6

db:CS-HELPid:SB2021060939

Trust: 0.6

db:PACKETSTORMid:165288

Trust: 0.2

db:PACKETSTORMid:165296

Trust: 0.2

db:PACKETSTORMid:165287

Trust: 0.1

db:VULHUBid:VHN-391906

Trust: 0.1

db:VULMONid:CVE-2018-25014

Trust: 0.1

db:PACKETSTORMid:169076

Trust: 0.1

sources: VULHUB: VHN-391906 // VULMON: CVE-2018-25014 // JVNDB: JVNDB-2018-016583 // PACKETSTORM: 169076 // PACKETSTORM: 165296 // PACKETSTORM: 165288 // PACKETSTORM: 165631 // PACKETSTORM: 163645 // PACKETSTORM: 163028 // CNNVD: CNNVD-202105-1379 // NVD: CVE-2018-25014

REFERENCES

url:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496

Trust: 1.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=1956927

Trust: 1.8

url:https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-25014

Trust: 1.4

url:http://seclists.org/fulldisclosure/2021/jul/54

Trust: 0.6

url:https://support.apple.com/kb/ht212601

Trust: 0.6

url:https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html

Trust: 0.6

url:https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html

Trust: 0.6

url:https://www.debian.org/security/2021/dsa-4930

Trust: 0.6

url:https://security.netapp.com/advisory/ntap-20211104-0004/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0245

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3977

Trust: 0.6

url:https://packetstormsecurity.com/files/168042/red-hat-security-advisory-2022-5069-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/163028/red-hat-security-advisory-2021-2328-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060725

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2485.2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1965

Trust: 0.6

url:https://packetstormsecurity.com/files/165286/red-hat-security-advisory-2021-5128-06.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072216

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3789

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3905

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4229

Trust: 0.6

url:https://support.apple.com/en-us/ht212601

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060939

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1880

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061420

Trust: 0.6

url:https://packetstormsecurity.com/files/165631/red-hat-security-advisory-2022-0202-04.html

Trust: 0.6

url:https://packetstormsecurity.com/files/163645/apple-security-advisory-2021-07-21-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4254

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2036

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2102

Trust: 0.6

url:https://vigilance.fr/vulnerability/libwebp-six-vulnerabilities-35579

Trust: 0.6

url:https://packetstormsecurity.com/files/164842/red-hat-security-advisory-2021-4231-04.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164967/red-hat-security-advisory-2021-4627-01.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-25010

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-25013

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-25009

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2018-25014

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-36328

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-36329

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-36330

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-36331

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-25011

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-25013

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-25012

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-35522

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-35524

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-25012

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-35521

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-17541

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-36331

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-36330

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-36332

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3481

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-25009

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-25010

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-35523

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10001

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-44228

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-17541

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10001

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/908.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2018-25014

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://alas.aws.amazon.com/al2/alas-2021-1679.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36332

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/libwebp

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24504

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20239

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36158

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35448

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3635

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20284

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36386

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0427

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3348

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26140

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3487

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26146

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31440

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3732

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0129

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24502

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3564

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0427

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23133

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26144

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3679

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36312

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29368

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24588

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29646

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3489

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29660

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26139

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28971

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14615

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26143

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3600

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26145

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33200

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29650

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33033

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20194

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26147

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31916

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24503

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24502

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31829

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26141

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24587

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24503

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3659

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5129

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35522

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35523

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20317

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21409

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43267

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-35521

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1870

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3575

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30758

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15389

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30665

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30689

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30682

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

url:https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-18032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1801

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1765

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4658

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30795

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30744

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21775

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21806

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27814

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36241

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20321

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27842

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21779

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3948

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27828

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12973

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1871

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29338

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30734

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26926

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28650

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24870

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1789

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30663

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3272

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15389

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27824

Trust: 0.1

url:https://support.apple.com/ht212601.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30780

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30759

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30789

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30786

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30748

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30779

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30758

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30763

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30760

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30770

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30769

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30785

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2328

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36329

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36328

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25011

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

sources: VULHUB: VHN-391906 // VULMON: CVE-2018-25014 // JVNDB: JVNDB-2018-016583 // PACKETSTORM: 169076 // PACKETSTORM: 165296 // PACKETSTORM: 165288 // PACKETSTORM: 165631 // PACKETSTORM: 163645 // PACKETSTORM: 163028 // CNNVD: CNNVD-202105-1379 // NVD: CVE-2018-25014

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 165296 // PACKETSTORM: 165288 // PACKETSTORM: 165631 // PACKETSTORM: 163028

SOURCES

db:VULHUBid:VHN-391906
db:VULMONid:CVE-2018-25014
db:JVNDBid:JVNDB-2018-016583
db:PACKETSTORMid:169076
db:PACKETSTORMid:165296
db:PACKETSTORMid:165288
db:PACKETSTORMid:165631
db:PACKETSTORMid:163645
db:PACKETSTORMid:163028
db:CNNVDid:CNNVD-202105-1379
db:NVDid:CVE-2018-25014

LAST UPDATE DATE

2025-02-20T22:23:30.181000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-391906date:2023-02-09T00:00:00
db:VULMONid:CVE-2018-25014date:2023-02-09T00:00:00
db:JVNDBid:JVNDB-2018-016583date:2022-02-02T01:15:00
db:CNNVDid:CNNVD-202105-1379date:2022-08-12T00:00:00
db:NVDid:CVE-2018-25014date:2023-02-09T02:24:26.620

SOURCES RELEASE DATE

db:VULHUBid:VHN-391906date:2021-05-21T00:00:00
db:VULMONid:CVE-2018-25014date:2021-05-21T00:00:00
db:JVNDBid:JVNDB-2018-016583date:2022-02-02T00:00:00
db:PACKETSTORMid:169076date:2021-06-28T19:12:00
db:PACKETSTORMid:165296date:2021-12-15T15:27:05
db:PACKETSTORMid:165288date:2021-12-15T15:22:36
db:PACKETSTORMid:165631date:2022-01-20T17:48:29
db:PACKETSTORMid:163645date:2021-07-23T15:29:39
db:PACKETSTORMid:163028date:2021-06-09T13:21:49
db:CNNVDid:CNNVD-202105-1379date:2021-05-21T00:00:00
db:NVDid:CVE-2018-25014date:2021-05-21T17:15:08.203