Details of VAR-202004-2191

ID

VAR-202004-2191

CVE

CVE-2020-11022

TITLE

Red Hat Security Advisory 2023-1047-01

Trust: 0.1

sources: PACKETSTORM: 171215

DESCRIPTION

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. A cross-site scripting vulnerability exists in jQuery versions 1.2 through 3.5.0. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. You can also manage user accounts for web applications, mobile applications, and RESTful web services. Description: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/): JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update Advisory ID: RHSA-2020:4670-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4670 Issue date: 2020-11-03 CVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 CVE-2019-8331 CVE-2019-11358 CVE-2020-1722 CVE-2020-11022 ==================================================================== 1. Summary: An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877) Security Fix(es): * js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) * bootstrap: XSS in the data-target attribute (CVE-2016-10735) * bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040) * bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042) * bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676) * bootstrap: XSS in the affix configuration target property (CVE-2018-20677) * bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331) * js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * ipa: No password length restriction leads to denial of service (CVE-2020-1722) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1430365 - [RFE] Host-group names command rename 1488732 - fake_mname in named.conf is no longer effective 1585020 - Enable compat tree to provide information about AD users and groups on trust agents 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1651577 - [WebUI] IPA Error 3007: RequirmentError" while adding members in "User ID overrides" tab 1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute 1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701233 - [RFE] support setting supported signature methods on the token 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1746830 - Memory leak during search of idview overrides 1750893 - Memory leak when slapi-nis return entries retrieved from nsswitch 1751295 - When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming 1757045 - IDM Web GUI / IPA web UI: the ID override operation doesn't work in GUI (it works only from CLI) 1759888 - Rebase OpenDNSSEC to 2.1 1768156 - ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED 1777806 - When Service weight is set as 0 for server in IPA location "IPA Error 903: InternalError" is displayed 1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service 1801698 - [RFE] Changing default hostgroup is too easy 1802471 - SELinux policy for ipa-custodia 1809835 - RFE: ipa group-add-member: number of failed should also be emphasized 1810154 - RFE: ipa-backup should compare locally and globally installed server roles 1810179 - ipa-client-install should name authselect backups and restore to that at uninstall time 1813330 - ipa-restore does not restart httpd 1816784 - KRA install fails if all KRA members are Hidden Replicas 1818765 - [Rebase] Rebase ipa to 4.8.6+ 1818877 - [Rebase] Rebase to softhsm 2.6.0+ 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1831732 - AVC avc: denied { dac_override } for comm="ods-enforcerd 1831935 - AD authentication with IdM against SQL Server 1832331 - [abrt] [faf] 389-ds-base: unknown function(): /usr/sbin/ns-slapd killed by 11 1833266 - [dirsrv] set 'nsslapd-enable-upgrade-hash: off' as this raises warnings 1834264 - BIND rebase: rebuild against new so version 1834909 - softhsm use-after-free on process exit 1845211 - Rebase bind-dyndb-ldap to 11.3 1845537 - IPA bind configuration issue 1845596 - ipa trust-add fails with 'Fetching domains from trusted forest failed' 1846352 - cannot issue certs with multiple IP addresses corresponding to different hosts 1846434 - Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7 1847999 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn 1849914 - FreeIPA - Utilize 256-bit AJP connector passwords 1851411 - ipa: typo issue in ipanthomedirectoryrive deffinition 1852244 - ipa-healthcheck inadvertently obsoleted in RHEL 8.2 1853263 - ipa-selinux package missing 1857157 - replica install failing with avc denial for custodia component 1858318 - AttributeError: module 'ssl' has no attribute 'SSLCertVerificationError' when upgrading ca-less ipa master 1859213 - AVC denial during ipa-adtrust-install --add-agents 1863079 - ipa-epn command displays 'exception: ConnectionRefusedError: [Errno 111] Connection refused' 1863616 - CA-less install does not set required permissions on KDC certificate 1866291 - EPN: enhance input validation 1866938 - ipa-epn fails to retrieve user data if some user attributes are not present 1868432 - Unhandled Python exception in '/usr/libexec/ipa/ipa-pki-retrieve-key' 1869311 - ipa trust-add fails with 'Fetching domains from trusted forest failed' 1870202 - File permissions of /etc/ipa/ca.crt differ between CA-ful and CA-less 1874015 - ipa hbacrule-add-service --hbacsvcs=sshd is not applied successfully for subdomain 1875348 - Valgrind reports a memory leak in the Schema Compatibility plugin. 1879604 - pkispawn logs files are empty 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.src.rpm custodia-0.6.0-3.module+el8.1.0+4098+f286395e.src.rpm ipa-4.8.7-12.module+el8.3.0+8222+c1bff54a.src.rpm ipa-4.8.7-12.module+el8.3.0+8223+6212645f.src.rpm ipa-healthcheck-0.4-6.module+el8.3.0+7710+e2408ce4.src.rpm ipa-healthcheck-0.4-6.module+el8.3.0+7711+c4441980.src.rpm opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.src.rpm python-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.src.rpm python-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.src.rpm python-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.src.rpm python-qrcode-5.1-12.module+el8.1.0+4098+f286395e.src.rpm python-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.src.rpm python-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.src.rpm python-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.src.rpm pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.src.rpm pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.src.rpm slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.src.rpm softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.src.rpm aarch64: bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.aarch64.rpm bind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.aarch64.rpm bind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.aarch64.rpm ipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm ipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.aarch64.rpm opendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.aarch64.rpm opendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.aarch64.rpm slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64.rpm slapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64.rpm slapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64.rpm softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm softhsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm softhsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm softhsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm noarch: custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm ipa-client-common-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm ipa-client-common-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm ipa-common-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm ipa-common-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm ipa-healthcheck-0.4-6.module+el8.3.0+7710+e2408ce4.noarch.rpm ipa-healthcheck-core-0.4-6.module+el8.3.0+7710+e2408ce4.noarch.rpm ipa-healthcheck-core-0.4-6.module+el8.3.0+7711+c4441980.noarch.rpm ipa-python-compat-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm ipa-python-compat-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm ipa-selinux-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm ipa-selinux-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm ipa-server-common-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm ipa-server-dns-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm python3-ipaclient-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm python3-ipaclient-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm python3-ipalib-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm python3-ipalib-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm python3-ipaserver-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.noarch.rpm python3-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.noarch.rpm python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.noarch.rpm python3-pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm python3-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm python3-qrcode-core-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.noarch.rpm python3-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch.rpm ppc64le: bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.ppc64le.rpm bind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.ppc64le.rpm bind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.ppc64le.rpm ipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm ipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le.rpm opendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le.rpm opendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le.rpm slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le.rpm slapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le.rpm slapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le.rpm softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm softhsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm softhsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm softhsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm s390x: bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.s390x.rpm bind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.s390x.rpm bind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.s390x.rpm ipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm ipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.s390x.rpm opendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.s390x.rpm opendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.s390x.rpm slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x.rpm slapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x.rpm slapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x.rpm softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm softhsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm softhsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm softhsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm x86_64: bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.x86_64.rpm bind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.x86_64.rpm bind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.x86_64.rpm ipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm ipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64.rpm opendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64.rpm opendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64.rpm slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64.rpm slapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64.rpm slapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64.rpm softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm softhsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm softhsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm softhsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-9251 https://access.redhat.com/security/cve/CVE-2016-10735 https://access.redhat.com/security/cve/CVE-2018-14040 https://access.redhat.com/security/cve/CVE-2018-14042 https://access.redhat.com/security/cve/CVE-2018-20676 https://access.redhat.com/security/cve/CVE-2018-20677 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/cve/CVE-2020-1722 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX6I0xtzjgjWX9erEAQioFw/+IiVoE8tPMkiNgSNrk05OezzG/Cev8wXY mTJ+clSxujruzDZ1GyYz5Ua5v4+fwEHbTKVHiite3HKbYGgV9E5H9Y/JVR75rbPN mIfAOLmvYDp3JeHT3RBqRrtviz2UaWRTmE8E30EoC0C912w0NHpwS3fhuRmJov1X lflTtWlQCuPE/7yFQEZqYYjmKMqAVeDk4K6smM/aTzMyM+uFgaksiSTrLzU0mcHJ AAn9h59qlwUXNGRbyBCoLMJrKq5Sw1+xz518XIIjJOQDJbSqu8syzKgi/qSFuLRp 2c/OSKJ98CVoiCcyhsBW/c3B6eoDmSfeKqt6JwVH/Sva+d7Oj5vpWTB5GW4hDFFh t3cuhvyavPnyAzxRnYw5syn/RTyjaOK1U6+6SbEtJVnlx9+FW0lKs/Pcx2ocYmfO UCDXHgxmEP8DTKwJZyIZtybVkpqbXh6jf69NLROTTZMtEwJzE1NGG4ulcl6tutTq S0gchuiUuxItZlD3a9ISBXXxV0iqqd7I5p78maohzIwfyZR13S++rFt7JnoVb7SO DECfEs6VinGH0Z0YInceF6Y9N+SURBrcQpQK12/wtGSChFFU83FII2sxy6iG7pTF HPTzByu+aYgFpuEF4EKSrDlZCVJ8Es5lyp+cF401o3oGJuNo9WYScKjb51a0+SLJ zbmM3GoiGZI=QyyK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ <https://security.gentoo.org/> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Cacti: Multiple vulnerabilities Date: July 26, 2020 Bugs: #728678, #732522 ID: 202007-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code. Background ========== Cacti is a complete frontend to rrdtool. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-analyzer/cacti < 1.2.13 >= 1.2.13 2 net-analyzer/cacti-spine < 1.2.13 >= 1.2.13 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Cacti users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-1.2.13" All Cacti Spine users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=net-analyzer/cacti-spine-1.2.13" References ========== [ 1 ] CVE-2020-11022 https://nvd.nist.gov/vuln/detail/CVE-2020-11022 <https://nvd.nist.gov/vuln/detail/CVE-2020-11022> [ 2 ] CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 <https://nvd.nist.gov/vuln/detail/CVE-2020-11023> [ 3 ] CVE-2020-14295 https://nvd.nist.gov/vuln/detail/CVE-2020-14295 <https://nvd.nist.gov/vuln/detail/CVE-2020-14295> Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202007-03 <https://security.gentoo.org/glsa/202007-03> Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org <mailto:security@gentoo.org> or alternatively, you may file a bug at https://bugs.gentoo.org <https://bugs.gentoo.org/>. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 <https://creativecommons.org/licenses/by-sa/2.5> . Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). Bugs fixed (https://bugzilla.redhat.com/): 1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution 1790759 - CVE-2020-1694 keycloak: verify-token-audience support is missing in the NodeJS adapter 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 1836786 - CVE-2020-10748 keycloak: top-level navigations to data URLs resulting in XSS are possible (incomplete fix of CVE-2020-1697) 1850004 - CVE-2020-11023 jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 5. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html

Trust: 1.8

sources: NVD: CVE-2020-11022 // VULHUB: VHN-163559 // VULMON: CVE-2020-11022 // PACKETSTORM: 171215 // PACKETSTORM: 171214 // PACKETSTORM: 171212 // PACKETSTORM: 170819 // PACKETSTORM: 159876 // PACKETSTORM: 158555 // PACKETSTORM: 158282 // PACKETSTORM: 159727

AFFECTED PRODUCTS

vendor:	oracle	model:	jdeveloper	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	jdeveloper	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	financial services data foundation	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.6.0.0	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	eq	version:	19.1.0-19.1.2	Trust: 1.0
vendor:	oracle	model:	financial services market risk measurement and management	scope:	eq	version:	8.0.8	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	8.7.0	Trust: 1.0
vendor:	oracle	model:	financial services liquidity risk measurement and management	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	netapp	model:	h300s	scope:	eq	version:	-	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	8.7.14	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	12.0.0.3.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications reconciliation framework	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	hospitality materials control	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	lte	version:	19.1.2	Trust: 1.0
vendor:	oracle	model:	financial services data governance for us regulatory reporting	scope:	lte	version:	8.0.9	Trust: 1.0
vendor:	oracle	model:	policy automation connector for siebel	scope:	eq	version:	10.4.6	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications reconciliation framework	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital basic	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	enterprise session border controller	scope:	eq	version:	8.4	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services profitability management	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	retail back office	scope:	eq	version:	14.0	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	8.8.0	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	insurance data foundation	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	20.1	Trust: 1.0
vendor:	oracle	model:	insurance allocation manager for enterprise profitability	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications reconciliation framework	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services liquidity risk measurement and management	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	insurance accounting analyzer	scope:	eq	version:	8.0.9	Trust: 1.0
vendor:	oracle	model:	financial services loan loss forecasting and provisioning	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services funds transfer pricing	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	insurance data foundation	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	agile product lifecycle management for process	scope:	eq	version:	6.2.0.0	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.58	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.2	Trust: 1.0
vendor:	jquery	model:	jquery	scope:	gte	version:	1.2	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital basic	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services data governance for us regulatory reporting	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services profitability management	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	gte	version:	7.0	Trust: 1.0
vendor:	oracle	model:	blockchain platform	scope:	lt	version:	21.1.2	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	8.8.6	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router idih\:	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	oracle	model:	financial services loan loss forecasting and provisioning	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	insurance insbridge rating and underwriting	scope:	gte	version:	5.0.0.0	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for european banking authority	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	netapp	model:	h300e	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.2	Trust: 1.0
vendor:	oracle	model:	healthcare foundation	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	oracle	model:	siebel ui framework	scope:	eq	version:	20.8	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	14.1.1.0.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	lte	version:	20.1	Trust: 1.0
vendor:	netapp	model:	h700e	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	netapp	model:	h500s	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services funds transfer pricing	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	financial services price creation and discovery	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	healthcare foundation	scope:	eq	version:	7.2.1	Trust: 1.0
vendor:	oracle	model:	policy automation	scope:	lte	version:	12.2.20	Trust: 1.0
vendor:	netapp	model:	oncommand system manager	scope:	gte	version:	3.0	Trust: 1.0
vendor:	oracle	model:	financial services profitability management	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	financial services hedge management and ifrs valuations	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.4.0.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	gte	version:	18.1	Trust: 1.0
vendor:	oracle	model:	policy automation	scope:	gte	version:	12.2.0	Trust: 1.0
vendor:	oracle	model:	financial services asset liability management	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	communications application session controller	scope:	eq	version:	3.8m0	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital internal ratings based approach	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services market risk measurement and management	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.3	Trust: 1.0
vendor:	oracle	model:	financial services hedge management and ifrs valuations	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	10.3.6.0.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital internal ratings based approach	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	drupal	model:	drupal	scope:	lt	version:	7.70	Trust: 1.0
vendor:	oracle	model:	insurance insbridge rating and underwriting	scope:	eq	version:	5.6.1.0	Trust: 1.0
vendor:	oracle	model:	financial services balance sheet planning	scope:	eq	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	financial services funds transfer pricing	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	retail returns management	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	insurance allocation manager for enterprise profitability	scope:	eq	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	financial services asset liability management	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	insurance data foundation	scope:	eq	version:	8.0.6-8.1.0	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.56	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital basic	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for us federal reserve	scope:	lte	version:	8.0.9	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.57	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.2	Trust: 1.0
vendor:	oracle	model:	communications services gatekeeper	scope:	eq	version:	7.0	Trust: 1.0
vendor:	oracle	model:	financial services data integration hub	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	healthcare foundation	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	oracle	model:	insurance insbridge rating and underwriting	scope:	lte	version:	5.6.0.0	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	eq	version:	18.2	Trust: 1.0
vendor:	oracle	model:	financial services data foundation	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	policy automation for mobile devices	scope:	lte	version:	12.2.20	Trust: 1.0
vendor:	oracle	model:	storagetek acsls	scope:	eq	version:	8.5.1	Trust: 1.0
vendor:	netapp	model:	snap creator framework	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services basel regulatory capital internal ratings based approach	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	netapp	model:	h410c	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	18.1	Trust: 1.0
vendor:	oracle	model:	policy automation for mobile devices	scope:	gte	version:	12.2.0	Trust: 1.0
vendor:	jquery	model:	jquery	scope:	lt	version:	3.5.0	Trust: 1.0
vendor:	oracle	model:	financial services liquidity risk management	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.1.0.0.0	Trust: 1.0
vendor:	netapp	model:	h500e	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h410s	scope:	eq	version:	-	Trust: 1.0
vendor:	tenable	model:	log correlation engine	scope:	lt	version:	6.0.9	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router idih\:	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	healthcare foundation	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	oracle	model:	financial services data integration hub	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	lte	version:	16.4.0	Trust: 1.0
vendor:	oracle	model:	financial services asset liability management	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for us federal reserve	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	netapp	model:	max data	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting for european banking authority	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	jdeveloper	scope:	eq	version:	11.1.1.9.0	Trust: 1.0
vendor:	oracle	model:	retail returns management	scope:	eq	version:	14.0	Trust: 1.0
vendor:	oracle	model:	financial services loan loss forecasting and provisioning	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	agile product supplier collaboration for process	scope:	eq	version:	6.2.0.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	application testing suite	scope:	eq	version:	13.3.0.1	Trust: 1.0
vendor:	oracle	model:	retail back office	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	hospitality simphony	scope:	gte	version:	19.1.0	Trust: 1.0
vendor:	oracle	model:	banking digital experience	scope:	eq	version:	19.1	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.1.3.0.0	Trust: 1.0
vendor:	oracle	model:	communications webrtc session controller	scope:	eq	version:	7.2	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management	scope:	eq	version:	7.5.0.23.0	Trust: 1.0
vendor:	oracle	model:	financial services hedge management and ifrs valuations	scope:	lte	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	financial services institutional performance analytics	scope:	eq	version:	8.0.7	Trust: 1.0
vendor:	oracle	model:	financial services data integration hub	scope:	eq	version:	8.0.6	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	netapp	model:	h700s	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	financial services liquidity risk measurement and management	scope:	eq	version:	8.0.8	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	eq	version:	19.0	Trust: 1.0
vendor:	netapp	model:	oncommand system manager	scope:	lte	version:	3.1.3	Trust: 1.0

sources: NVD: CVE-2020-11022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11022
value:	MEDIUM
Trust: 1.0
security-advisories@github.com:	CVE-2020-11022
value:	MEDIUM
Trust: 1.0
VULHUB:	VHN-163559
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-11022
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-11022
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-163559
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-11022
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
security-advisories@github.com:	CVE-2020-11022
baseSeverity:	MEDIUM
baseScore:	6.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	4.7
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-163559 // VULMON: CVE-2020-11022 // NVD: CVE-2020-11022 // NVD: CVE-2020-11022

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.1

sources: VULHUB: VHN-163559 // NVD: CVE-2020-11022

TYPE

code execution, xss

Trust: 0.6

sources: PACKETSTORM: 171215 // PACKETSTORM: 171214 // PACKETSTORM: 171212 // PACKETSTORM: 170819 // PACKETSTORM: 158282 // PACKETSTORM: 159727

PATCH

title:	Red Hat: Moderate: OpenShift Container Platform 3.11 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202217 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4693-1 drupal7 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=978f239ce60a8a08c53eb64ba189d0f6	Trust: 0.1
title:	Red Hat: Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204211 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203807 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat OpenShift Service Mesh security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202362 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205249 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: wordpress: WordPress 5.9.2 security and maintenance release	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e7014c0a68e8d9bc31a54125059176dc	Trust: 0.1
title:	Red Hat: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226393 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: ipa security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203936 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203247 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204670 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202813 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus 8.13.0 Fixes One Third-party Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2020-10	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=0c6e8f969487f201b1d56f59bd98f443	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=e57a04f097f54c762da82263eadc1b8a	Trust: 0.1
title:	Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204847 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-02	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230556 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230554 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2020-11	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1519	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1519	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-130	Trust: 0.1
title:	Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-10	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231049 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231045 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231043 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231044 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231047 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204298 - Security Advisory	Trust: 0.1
title:	Geolocation Playground	url:	https://github.com/blaufish/geo	Trust: 0.1
title:	https-nj.gov---CVE-2020-11022 RECOMMENDATION REFERENCES	url:	https://github.com/Snorlyd/https-nj.gov---CVE-2020-11022	Trust: 0.1
title:	https-nj.gov---CVE-2020-11022 RECOMMENDATION REFERENCES	url:	https://github.com/korestreet/https-nj.gov---CVE-2020-11022	Trust: 0.1
title:	AlmostSignificant	url:	https://github.com/bartongroup/AlmostSignificant	Trust: 0.1
title:	Bagel Patch Website TO DO:	url:	https://github.com/corey-schneider/bagel-shop	Trust: 0.1
title:	JS_Encoder	url:	https://github.com/AssassinUKG/JS_Encoder	Trust: 0.1
title:	XSSPlayground What is XSS?	url:	https://github.com/AssassinUKG/XSSPlayground	Trust: 0.1
title:	jQuery XSS	url:	https://github.com/EmptyHeart5292/jQuery-XSS	Trust: 0.1
title:	https://github.com/DanielRuf/snyk-js-jquery-565129	url:	https://github.com/DanielRuf/snyk-js-jquery-565129	Trust: 0.1
title:	CVE-2020-11022 CVE-2020-11023	url:	https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023	Trust: 0.1
title:	Strings_Attached User Experience Development Process Testing Bugs Libraries and Programs Used Deployment Credits Acknowledgements	url:	https://github.com/johnrearden/strings_attached	Trust: 0.1
title:	CVEcrystalyer	url:	https://github.com/captcha-n00b/CVEcrystalyer	Trust: 0.1
title:	CVE Sandbox :: jQuery	url:	https://github.com/cve-sandbox/jquery	Trust: 0.1
title:	jQuery — New Wave JavaScript	url:	https://github.com/spurreiter/jquery	Trust: 0.1
title:	Github Repository Security Alerts	url:	https://github.com/elifesciences/github-repo-security-alerts	Trust: 0.1
title:	Case Study	url:	https://github.com/faizhaffizudin/Case-Study-Hamsa	Trust: 0.1
title:	Retire HTML Parser	url:	https://github.com/marksowell/retire-html-parser	Trust: 0.1
title:	https://github.com/octane23/CASE-STUDY-1	url:	https://github.com/octane23/CASE-STUDY-1	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/ArrestX/--POC	Trust: 0.1
title:	Normal-POC	url:	https://github.com/Miraitowa70/POC-Notes	Trust: 0.1
title:	Normal-POC	url:	https://github.com/Miraitowa70/Pentest-Notes	Trust: 0.1
title:	Vulnerability	url:	https://github.com/tzwlhack/Vulnerability	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/KayCHENvip/vulnerability-poc	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/Threekiii/Awesome-POC	Trust: 0.1
title:	欢迎关注阿尔法实验室微信公众号	url:	https://github.com/alphaSeclab/sec-daily-2020	Trust: 0.1
title:	SecBooks SecBooks目录	url:	https://github.com/SexyBeast233/SecBooks	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/soosmile/POC	Trust: 0.1

sources: VULMON: CVE-2020-11022

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11022	Trust: 2.0
db:	PACKETSTORM	id:	162159	Trust: 1.2
db:	TENABLE	id:	TNS-2021-02	Trust: 1.2
db:	TENABLE	id:	TNS-2020-10	Trust: 1.2
db:	TENABLE	id:	TNS-2020-11	Trust: 1.2
db:	TENABLE	id:	TNS-2021-10	Trust: 1.2
db:	PACKETSTORM	id:	171214	Trust: 0.2
db:	PACKETSTORM	id:	171212	Trust: 0.2
db:	PACKETSTORM	id:	171215	Trust: 0.2
db:	PACKETSTORM	id:	159876	Trust: 0.2
db:	PACKETSTORM	id:	170819	Trust: 0.2
db:	PACKETSTORM	id:	158555	Trust: 0.2
db:	PACKETSTORM	id:	171213	Trust: 0.1
db:	PACKETSTORM	id:	170823	Trust: 0.1
db:	PACKETSTORM	id:	159852	Trust: 0.1
db:	PACKETSTORM	id:	160274	Trust: 0.1
db:	PACKETSTORM	id:	170821	Trust: 0.1
db:	PACKETSTORM	id:	159275	Trust: 0.1
db:	PACKETSTORM	id:	159353	Trust: 0.1
db:	PACKETSTORM	id:	161727	Trust: 0.1
db:	PACKETSTORM	id:	168304	Trust: 0.1
db:	PACKETSTORM	id:	170817	Trust: 0.1
db:	PACKETSTORM	id:	158750	Trust: 0.1
db:	PACKETSTORM	id:	159513	Trust: 0.1
db:	PACKETSTORM	id:	157850	Trust: 0.1
db:	CNNVD	id:	CNNVD-202004-2429	Trust: 0.1
db:	VULHUB	id:	VHN-163559	Trust: 0.1
db:	ICS CERT	id:	ICSA-22-055-02	Trust: 0.1
db:	VULMON	id:	CVE-2020-11022	Trust: 0.1
db:	PACKETSTORM	id:	158282	Trust: 0.1
db:	PACKETSTORM	id:	159727	Trust: 0.1

sources: VULHUB: VHN-163559 // VULMON: CVE-2020-11022 // PACKETSTORM: 171215 // PACKETSTORM: 171214 // PACKETSTORM: 171212 // PACKETSTORM: 170819 // PACKETSTORM: 159876 // PACKETSTORM: 158555 // PACKETSTORM: 158282 // PACKETSTORM: 159727 // NVD: CVE-2020-11022

REFERENCES

url:	https://www.debian.org/security/2020/dsa-4693	Trust: 1.3
url:	https://security.gentoo.org/glsa/202007-03	Trust: 1.3
url:	https://github.com/jquery/jquery/security/advisories/ghsa-gxr4-xjj5-5px2	Trust: 1.2
url:	https://security.netapp.com/advisory/ntap-20200511-0006/	Trust: 1.2
url:	https://www.drupal.org/sa-core-2020-002	Trust: 1.2
url:	https://www.tenable.com/security/tns-2020-10	Trust: 1.2
url:	https://www.tenable.com/security/tns-2020-11	Trust: 1.2
url:	https://www.tenable.com/security/tns-2021-02	Trust: 1.2
url:	https://www.tenable.com/security/tns-2021-10	Trust: 1.2
url:	http://packetstormsecurity.com/files/162159/jquery-1.2-cross-site-scripting.html	Trust: 1.2
url:	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/	Trust: 1.2
url:	https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77	Trust: 1.2
url:	https://jquery.com/upgrade-guide/3.5/	Trust: 1.2
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.2
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.2
url:	https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html	Trust: 1.2
url:	https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/	Trust: 1.1
url:	https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3ccommits.airflow.apache.org%3e	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/	Trust: 1.1
url:	https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2020-11022	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11358	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-11358	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14042	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14040	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2018-14042	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2018-14040	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-11023	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023	Trust: 0.5
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-40150	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-40149	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-45047	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-46364	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-42004	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-45693	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-42003	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-38750	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-1471	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1438	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-3916	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31129	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-25857	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-46175	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35065	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44906	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-44906	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2023-0091	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-24785	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-3782	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-2764	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2764	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-46363	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1471	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2023-0264	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-38751	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-1274	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-37603	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-38749	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-31129	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-35065	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-1438	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25857	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24785	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1274	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-4137	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-9251	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-10735	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10735	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9251	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8331	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8331	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/	Trust: 0.1
url:	https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3ccommits.airflow.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2217	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/blaufish/geo	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-47629	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:1047	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-21843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-4039	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-37603	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-40304	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-21835	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-40303	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:1045	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:1043	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:0554	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-3143	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14041	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40150	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18214	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40152	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40149	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-40152	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14041	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-18214	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-3143	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1722	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20676	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1722	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20676	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20677	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4670	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20677	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14295>	Trust: 0.1
url:	https://security.gentoo.org/>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023>	Trust: 0.1
url:	https://security.gentoo.org/glsa/202007-03>	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5>	Trust: 0.1
url:	https://bugs.gentoo.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14295	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org/>.	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9547	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9546	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9547	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=core.service.rhsso&version=7.4	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10748	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9548	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9548	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8840	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9546	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1694	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8840	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10748	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1714	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2813	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1714	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1694	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8768	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20852	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8535	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10743	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15718	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20657	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19126	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1712	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8518	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12448	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8611	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8203	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-6251	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8676	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-1549	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-9251	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17451	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20060	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19519	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11070	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-7150	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-1547	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-7664	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8607	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12052	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5482	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15366	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8594	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8690	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20060	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13752	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8601	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3822	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11324	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19925	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3823	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-7146	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-1010204	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7013	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11324	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11236	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8524	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-10739	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18751	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-16890	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5481	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8536	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8686	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8671	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12447	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8544	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12049	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8571	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-19519	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2013-0169	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8677	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5436	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-18624	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8595	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13753	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8558	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11459	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12447	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8679	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12795	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20657	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5094	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3844	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-6454	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20852	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12450	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20483	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14336	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8619	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4298	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8622	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-1010180	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7598	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8681	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3825	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8523	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-18074	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0169	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-6237	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-6706	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20483	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20337	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8673	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8559	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8687	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13822	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/updating/updating-cluster	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19923	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16769	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8672	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14822	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14404	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8608	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7662	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8615	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12449	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-7665	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8666	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8457	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5953	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8689	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15847	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14498	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8735	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11236	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19924	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12245	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-14404	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8726	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1010204	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8596	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8696	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8610	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-18408	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13636	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-1563	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16890	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11070	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14498	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-7149	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12450	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16056	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10739	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20337	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18074	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11110	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8584	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19959	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8675	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8563	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10531	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13232	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14040	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1010180	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12449	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10715	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8609	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9283	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8587	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-18751	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8506	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18624	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8583	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-9251	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12448	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11008	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11459	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8597	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 171215 // PACKETSTORM: 171214 // PACKETSTORM: 171212 // PACKETSTORM: 170819 // PACKETSTORM: 159876 // PACKETSTORM: 158282 // PACKETSTORM: 159727

SOURCES

db:	VULHUB	id:	VHN-163559
db:	VULMON	id:	CVE-2020-11022
db:	PACKETSTORM	id:	171215
db:	PACKETSTORM	id:	171214
db:	PACKETSTORM	id:	171212
db:	PACKETSTORM	id:	170819
db:	PACKETSTORM	id:	159876
db:	PACKETSTORM	id:	158555
db:	PACKETSTORM	id:	158282
db:	PACKETSTORM	id:	159727
db:	NVD	id:	CVE-2020-11022

LAST UPDATE DATE

2025-10-20T03:07:27.325000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-163559	date:	2022-07-25T00:00:00
db:	VULMON	id:	CVE-2020-11022	date:	2023-11-07T00:00:00
db:	NVD	id:	CVE-2020-11022	date:	2024-11-21T04:56:36.110

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-163559	date:	2020-04-29T00:00:00
db:	VULMON	id:	CVE-2020-11022	date:	2020-04-29T00:00:00
db:	PACKETSTORM	id:	171215	date:	2023-03-02T15:19:44
db:	PACKETSTORM	id:	171214	date:	2023-03-02T15:19:36
db:	PACKETSTORM	id:	171212	date:	2023-03-02T15:19:19
db:	PACKETSTORM	id:	170819	date:	2023-01-31T17:19:24
db:	PACKETSTORM	id:	159876	date:	2020-11-04T15:32:52
db:	PACKETSTORM	id:	158555	date:	2020-07-27T17:38:33
db:	PACKETSTORM	id:	158282	date:	2020-07-02T15:43:25
db:	PACKETSTORM	id:	159727	date:	2020-10-27T16:59:02
db:	NVD	id:	CVE-2020-11022	date:	2020-04-29T22:15:11.903