Details of VAR-202006-0222

ID

VAR-202006-0222

CVE

CVE-2020-14155

TITLE

Red Hat Security Advisory 2022-5840-01

Trust: 0.1

sources: PACKETSTORM: 167956

DESCRIPTION

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. PCRE is an open source regular expression library written in C language by Philip Hazel software developer. An input validation error vulnerability exists in libpcre in versions prior to PCRE 8.44. An attacker could exploit this vulnerability to execute arbitrary code or cause an application to crash on the system with a large number of requests. Summary: The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es): * cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) * golang: syscall: faccessat checks wrong group (CVE-2022-29526) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Velero and Restic are using incorrect SCCs [OADP-BL] (BZ#2082216) * [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL] (BZ#2091965) * MTC: 1.7.1 on OCP 4.6: UI is stuck in "Discovering persistent volumes attached to source projects" step (BZ#2099856) * Correct DNS validation for destination namespace (BZ#2102231) * Deselecting all pvcs from UI still results in an attempted PVC transfer (BZ#2106073) 3. Bugs fixed (https://bugzilla.redhat.com/): 2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2082216 - Velero and Restic are using incorrect SCCs [OADP-BL] 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2091965 - [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL] 2099856 - MTC: 1.7.1 on OCP 4.6: UI is stuck in "Discovering persistent volumes attached to source projects" step 2102231 - Correct DNS validation for destination namespace 2106073 - Deselecting all pvcs from UI still results in an attempted PVC transfer 5. JIRA issues fixed (https://issues.jboss.org/): MIG-1155 - Update to newer ansible runner image for hooks MIG-1242 - Must set upper bound on OADP dep to prevent jump to 1.1 MIG-1254 - Investigate impact of deprecated Docker V2 Schema 1 for MTC on OCP3.11 6. Summary: An update is now available for OpenShift Logging 5.3. Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1897 - Applying cluster state is causing elasticsearch to hit an issue and become unusable LOG-1925 - [release-5.3] No datapoint for CPU on openshift-logging dashboard LOG-1962 - [release-5.3] CLO panic: runtime error: slice bounds out of range [:-1] 6. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5. Solution: OSP 16.2.z Release - OSP Director Operator Containers 4. Bugs fixed (https://bugzilla.redhat.com/): 2025995 - Rebase tech preview on latest upstream v1.2.x branch 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2036784 - osp controller (fencing enabled) in downed state after system manual crash test 5. Bugs fixed (https://bugzilla.redhat.com/): 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key 2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key 2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key 2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security fixes: * CVE-2021-3795 semver-regex: inefficient regular expression complexity * CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 Related bugs: * RHACM 2.2.10 images (Bugzilla #2013652) 3. Bugs fixed (https://bugzilla.redhat.com/): 2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity 2013652 - RHACM 2.2.10 images 5. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update Advisory ID: RHSA-2021:4614-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:4614 Issue date: 2021-11-10 CVE Names: CVE-2019-17567 CVE-2019-20838 CVE-2020-13950 CVE-2020-14155 CVE-2020-35452 CVE-2021-3712 CVE-2021-23840 CVE-2021-23841 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 ===================================================================== 1. Summary: Updated packages that provide Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64 3. Description: This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es): * httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452) * httpd: mod_session NULL pointer dereference in parser (CVE-2021-26690) * httpd: Heap overflow in mod_session (CVE-2021-26691) * httpd: mod_proxy_wstunnel tunneling of non Upgraded connection (CVE-2019-17567) * httpd: MergeSlashes regression (CVE-2021-30641) * httpd: mod_proxy NULL pointer dereference (CVE-2020-13950) * jbcs-httpd24-openssl: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) * openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * pcre: buffer over-read in JIT when UTF is disabled (CVE-2019-20838) * pcre: integer overflow in libpcre (CVE-2020-14155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1848436 - CVE-2020-14155 pcre: Integer overflow when parsing callout numeric arguments 1848444 - CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1966724 - CVE-2020-35452 httpd: Single zero byte stack overflow in mod_auth_digest 1966729 - CVE-2021-26690 httpd: mod_session: NULL pointer dereference when parsing Cookie header 1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 1966738 - CVE-2020-13950 httpd: mod_proxy NULL pointer dereference 1966740 - CVE-2019-17567 httpd: mod_proxy_wstunnel tunneling of non Upgraded connection 1966743 - CVE-2021-30641 httpd: Unexpected URL matching with 'MergeSlashes OFF' 1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings 6. Package List: Red Hat JBoss Core Services on RHEL 7 Server: Source: jbcs-httpd24-apr-1.6.3-107.jbcs.el7.src.rpm jbcs-httpd24-apr-util-1.6.1-84.jbcs.el7.src.rpm jbcs-httpd24-curl-7.78.0-2.jbcs.el7.src.rpm jbcs-httpd24-httpd-2.4.37-78.jbcs.el7.src.rpm jbcs-httpd24-mod_cluster-native-1.3.16-9.Final_redhat_2.jbcs.el7.src.rpm jbcs-httpd24-mod_http2-1.15.7-21.jbcs.el7.src.rpm jbcs-httpd24-mod_jk-1.2.48-20.redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_md-2.0.8-40.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.2-67.GA.jbcs.el7.src.rpm jbcs-httpd24-nghttp2-1.39.2-39.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.1.1g-8.jbcs.el7.src.rpm jbcs-httpd24-openssl-chil-1.0.0-7.jbcs.el7.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-22.jbcs.el7.src.rpm noarch: jbcs-httpd24-httpd-manual-2.4.37-78.jbcs.el7.noarch.rpm ppc64: jbcs-httpd24-curl-7.78.0-2.jbcs.el7.ppc64.rpm jbcs-httpd24-curl-debuginfo-7.78.0-2.jbcs.el7.ppc64.rpm jbcs-httpd24-libcurl-7.78.0-2.jbcs.el7.ppc64.rpm jbcs-httpd24-libcurl-devel-7.78.0-2.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_http2-1.15.7-21.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-21.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-2.0.8-40.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-40.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-1.0.0-7.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-7.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-22.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-22.jbcs.el7.ppc64.rpm x86_64: jbcs-httpd24-apr-1.6.3-107.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.6.3-107.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-devel-1.6.3-107.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-84.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-84.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-84.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-84.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-84.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-84.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-84.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-84.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-84.jbcs.el7.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-84.jbcs.el7.x86_64.rpm jbcs-httpd24-curl-7.78.0-2.jbcs.el7.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.78.0-2.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-2.4.37-78.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-78.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.37-78.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-78.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-78.jbcs.el7.x86_64.rpm jbcs-httpd24-libcurl-7.78.0-2.jbcs.el7.x86_64.rpm jbcs-httpd24-libcurl-devel-7.78.0-2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.16-9.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.16-9.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-1.15.7-21.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-21.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-20.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-20.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.48-20.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-78.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-2.0.8-40.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-40.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.37-78.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-67.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-67.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-78.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-78.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-39.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-39.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-39.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.1.1g-8.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-7.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-7.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1g-8.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1g-8.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1g-8.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1g-8.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-22.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-22.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1g-8.jbcs.el7.x86_64.rpm Red Hat JBoss Core Services on RHEL 8: Source: jbcs-httpd24-apr-1.6.3-107.el8jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-84.el8jbcs.src.rpm jbcs-httpd24-curl-7.78.0-2.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.37-78.el8jbcs.src.rpm jbcs-httpd24-mod_cluster-native-1.3.16-9.Final_redhat_2.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.7-21.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-20.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.0.8-40.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.2-67.GA.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.39.2-39.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1g-8.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-7.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-22.el8jbcs.src.rpm noarch: jbcs-httpd24-httpd-manual-2.4.37-78.el8jbcs.noarch.rpm x86_64: jbcs-httpd24-apr-1.6.3-107.el8jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.6.3-107.el8jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.6.3-107.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-84.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.78.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.78.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.78.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.78.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.78.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.16-9.Final_redhat_2.el8jbcs.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.16-9.Final_redhat_2.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.7-21.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-21.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-20.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-20.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.48-20.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.0.8-40.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-40.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-67.GA.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-67.GA.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.37-78.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-39.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-39.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-39.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1g-8.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-7.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-7.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1g-8.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1g-8.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1g-8.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1g-8.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1g-8.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-22.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-22.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1g-8.el8jbcs.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-17567 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13950 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-35452 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-26690 https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-30641 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYwp39zjgjWX9erEAQih8Q//V7EY5mzsV84TJ3+KeXBE8bU6fPPRIFcZ IphAGzc7NbLT4IWkfyML3fgZTvvkj0q2dOrjrbxHGUGdqYYDFghF8IBRhsvQYhJA cODfa48lD3eSIGHTeMKLb2DZDfI3lP5t6gnkhLS9xp+BOaFUhCScJQD5PmBkDx1A A5vZvJ9jh1uotAvMI1zPVUa3+DMsNq6GaT23Pss1ZmBjwcoHTM/QLLGrpvJt+9ly otKA7eFq9CSRF6YwFeRQ/hwFEURI5hvPdjBKpwvi+Pq2EaHeJWTWG4ApSLkQXkRv 3kv1j3+Q8yYVtfTOYAJTwA48EEaz0DrGmybTmbsl/bml8T7AVQu9zABFp0RoUgdF d7lxpvAt9DDuLQ28yvn4bpF0iRGl+eeyJ3/oDUDczAboGeeFiPiiQla4LPEyNy/E uyotzqeeylzMyw2q3BoOH1W2dCh4uFn56BMfOVupKMbhwV+maNeVVcEiSUPu6dGe xz3+j+fcWjXA6vv4oYClFhsFjUca2C+0yYUcHKc8VV4pAKdCdgTsg2VDXG9fYLKF uQdp03t3FVXqOvAWdgqUzBN68wNYjjQMhg4NbWGeSCHntQSwl9dAq5s7248b+JD0 JSt7qW3g8G17a6Jwcr4lrEtowgOqZh+NenEtXCQNFRH0suxRyCSqlXuAPSdS81in QY3maPhK+iY= =1uh1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/): 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 5. JIRA issues fixed (https://issues.jboss.org/): TRACING-2235 - Release RHOSDT 2.1 6

Trust: 1.8

sources: NVD: CVE-2020-14155 // VULHUB: VHN-167005 // PACKETSTORM: 167956 // PACKETSTORM: 165288 // PACKETSTORM: 165631 // PACKETSTORM: 166308 // PACKETSTORM: 168352 // PACKETSTORM: 165209 // PACKETSTORM: 166051 // PACKETSTORM: 164927 // PACKETSTORM: 165758

AFFECTED PRODUCTS

vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	splunk	model:	universal forwarder	scope:	gte	version:	8.2.0	Trust: 1.0
vendor:	gitlab	model:	gitlab	scope:	gte	version:	13.1.0	Trust: 1.0
vendor:	gitlab	model:	gitlab	scope:	lt	version:	12.10.13	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	splunk	model:	universal forwarder	scope:	lt	version:	8.2.12	Trust: 1.0
vendor:	netapp	model:	h300s	scope:	eq	version:	-	Trust: 1.0
vendor:	pcre	model:	pcre	scope:	lt	version:	8.44	Trust: 1.0
vendor:	netapp	model:	h500s	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	ontap select deploy administration utility	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h410c	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications cloud native core policy	scope:	eq	version:	1.15.0	Trust: 1.0
vendor:	gitlab	model:	gitlab	scope:	lt	version:	13.1.2	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	splunk	model:	universal forwarder	scope:	eq	version:	9.1.0	Trust: 1.0
vendor:	gitlab	model:	gitlab	scope:	lt	version:	13.0.8	Trust: 1.0
vendor:	gitlab	model:	gitlab	scope:	gte	version:	13.0.0	Trust: 1.0
vendor:	splunk	model:	universal forwarder	scope:	lt	version:	9.0.6	Trust: 1.0
vendor:	splunk	model:	universal forwarder	scope:	gte	version:	9.0.0	Trust: 1.0
vendor:	netapp	model:	h700s	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h410s	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.0.1	Trust: 1.0

sources: NVD: CVE-2020-14155

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14155
value:	MEDIUM
Trust: 1.0
VULHUB:	VHN-167005
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-14155
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-167005
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-14155
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-167005 // NVD: CVE-2020-14155

PROBLEMTYPE DATA

problemtype:

CWE-190

Trust: 1.1

sources: VULHUB: VHN-167005 // NVD: CVE-2020-14155

TYPE

code execution

Trust: 0.2

sources: PACKETSTORM: 165288 // PACKETSTORM: 168352

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-167005

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14155	Trust: 2.0
db:	PACKETSTORM	id:	168352	Trust: 0.2
db:	PACKETSTORM	id:	166051	Trust: 0.2
db:	PACKETSTORM	id:	167956	Trust: 0.2
db:	PACKETSTORM	id:	166308	Trust: 0.2
db:	PACKETSTORM	id:	165631	Trust: 0.2
db:	PACKETSTORM	id:	164927	Trust: 0.2
db:	PACKETSTORM	id:	165288	Trust: 0.2
db:	PACKETSTORM	id:	165758	Trust: 0.2
db:	PACKETSTORM	id:	165209	Trust: 0.2
db:	CNVD	id:	CNVD-2020-53121	Trust: 0.1
db:	PACKETSTORM	id:	161245	Trust: 0.1
db:	PACKETSTORM	id:	165135	Trust: 0.1
db:	PACKETSTORM	id:	165096	Trust: 0.1
db:	PACKETSTORM	id:	165862	Trust: 0.1
db:	PACKETSTORM	id:	165296	Trust: 0.1
db:	PACKETSTORM	id:	165099	Trust: 0.1
db:	PACKETSTORM	id:	165286	Trust: 0.1
db:	PACKETSTORM	id:	160545	Trust: 0.1
db:	PACKETSTORM	id:	168392	Trust: 0.1
db:	PACKETSTORM	id:	164928	Trust: 0.1
db:	PACKETSTORM	id:	166489	Trust: 0.1
db:	PACKETSTORM	id:	165287	Trust: 0.1
db:	PACKETSTORM	id:	164967	Trust: 0.1
db:	PACKETSTORM	id:	165002	Trust: 0.1
db:	PACKETSTORM	id:	165129	Trust: 0.1
db:	PACKETSTORM	id:	164825	Trust: 0.1
db:	PACKETSTORM	id:	167206	Trust: 0.1
db:	PACKETSTORM	id:	168036	Trust: 0.1
db:	PACKETSTORM	id:	166309	Trust: 0.1
db:	CNNVD	id:	CNNVD-202006-1036	Trust: 0.1
db:	VULHUB	id:	VHN-167005	Trust: 0.1

sources: VULHUB: VHN-167005 // PACKETSTORM: 167956 // PACKETSTORM: 165288 // PACKETSTORM: 165631 // PACKETSTORM: 166308 // PACKETSTORM: 168352 // PACKETSTORM: 165209 // PACKETSTORM: 166051 // PACKETSTORM: 164927 // PACKETSTORM: 165758 // NVD: CVE-2020-14155

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20221028-0010/	Trust: 1.1
url:	https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/	Trust: 1.1
url:	https://support.apple.com/kb/ht211931	Trust: 1.1
url:	https://support.apple.com/kb/ht212147	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2020/dec/32	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2021/feb/14	Trust: 1.1
url:	https://bugs.gentoo.org/717920	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.1
url:	https://www.pcre.org/original/changelog.txt	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3cdev.mina.apache.org%3e	Trust: 1.0
url:	https://access.redhat.com/security/cve/cve-2020-14155	Trust: 0.9
url:	https://access.redhat.com/security/team/contact/	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20838	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2019-20838	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14155	Trust: 0.9
url:	https://bugzilla.redhat.com/):	Trust: 0.9
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2021-36084	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17594	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17595	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2019-17595	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18218	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2021-36086	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2019-17594	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2021-36085	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2019-18218	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2021-36087	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5827	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-13435	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-5827	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-24370	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-13751	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-19603	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13750	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13751	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13435	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19603	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2021-20232	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2021-20231	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-13750	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2021-3580	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16135	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-3200	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-27645	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-33574	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-35942	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24370	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-3572	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-12762	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-22898	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12762	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-16135	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-3800	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-3712	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-3445	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-22925	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-22876	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-33560	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-42574	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-28153	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-3426	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2021-43527	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-14145	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14145	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-20266	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20231	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20232	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22925	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22898	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22876	Trust: 0.4
url:	https://issues.jboss.org/):	Trust: 0.3
url:	https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-24407	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-37750	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3778	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-20271	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3796	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33560	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27645	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28153	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3200	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33574	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-25314	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-29824	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-41617	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25313	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25032	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-40528	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25032	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1271	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25013	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25012	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35522	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35524	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25013	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25009	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25014	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25012	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35521	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-17541	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36331	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-31535	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36330	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-36332	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25010	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25014	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20317	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-43267	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3481	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25009	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25010	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-35523	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3733	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33938	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33929	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33928	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-22946	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-33930	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-4658	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4658	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-22947	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3426	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3445	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3521	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-23841	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-23840	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20266	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20271	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3cdev.mina.apache.org%3e	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36084	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-28327	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-29526	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29362	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1621	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28915	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-27782	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29361	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1365	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-27776	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28915	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000858	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22576	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29363	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1629	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-27666	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1000858	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36085	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-27774	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13050	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29363	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13050	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29362	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24675	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29361	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0778	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:5840	Trust: 0.1
url:	https://access.redhat.com/security/vulnerabilities/rhsb-2021-009	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5129	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35522	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37136	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44228	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35523	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-17541	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37137	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21409	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36331	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36330	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35521	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27823	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1870	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3575	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30758	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13558	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15389	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-5727	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5785	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30665	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30689	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20847	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30682	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10001	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-18032	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1801	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1765	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-26927	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20847	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27918	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30795	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-5785	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1788	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5727	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30744	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21775	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21806	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27814	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36241	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13558	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20321	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27842	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1799	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21779	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10001	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3948	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27828	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12973	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1844	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1871	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29338	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30734	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-26926	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30720	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28650	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24870	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-1789	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30663	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30799	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3272	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0202	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15389	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27824	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3984	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3521	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-4193	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-4122	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44716	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3572	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3872	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0842	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-4019	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-4192	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8559	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-30629	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1785	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1897	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1927	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-4189	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20095	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-2526	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-29154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0691	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-2097	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3634	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28500	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-2068	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0686	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-32206	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-32208	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23337	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3737	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-42771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1292	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0639	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6429	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-30631	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-25219	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31566	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-16845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28493	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1650	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36385	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:5038	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22946	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20673	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20673	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3795	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36385	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20317	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22947	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23440	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0580	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-40346	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-39241	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24348	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26691	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13950	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26690	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17567	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-35452	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-26691	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-26690	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4614	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23841	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-30641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23840	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17567	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13950	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35452	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3712	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://docs.openshift.com/container-platform/latest/distr_tracing/distr_tracing_install/distr-tracing-updating.html	Trust: 0.1
url:	https://docs.openshift.com/container-platform/latest/distr_tracing/distributed-tracing-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0318	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29923	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-36221	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-29923	Trust: 0.1

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 167956 // PACKETSTORM: 165288 // PACKETSTORM: 165631 // PACKETSTORM: 166308 // PACKETSTORM: 168352 // PACKETSTORM: 165209 // PACKETSTORM: 166051 // PACKETSTORM: 164927 // PACKETSTORM: 165758

SOURCES

db:	VULHUB	id:	VHN-167005
db:	PACKETSTORM	id:	167956
db:	PACKETSTORM	id:	165288
db:	PACKETSTORM	id:	165631
db:	PACKETSTORM	id:	166308
db:	PACKETSTORM	id:	168352
db:	PACKETSTORM	id:	165209
db:	PACKETSTORM	id:	166051
db:	PACKETSTORM	id:	164927
db:	PACKETSTORM	id:	165758
db:	NVD	id:	CVE-2020-14155

LAST UPDATE DATE

2026-02-07T20:17:38.129000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-167005	date:	2022-12-03T00:00:00
db:	NVD	id:	CVE-2020-14155	date:	2024-11-21T05:02:45.440

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-167005	date:	2020-06-15T00:00:00
db:	PACKETSTORM	id:	167956	date:	2022-08-04T14:49:41
db:	PACKETSTORM	id:	165288	date:	2021-12-15T15:22:36
db:	PACKETSTORM	id:	165631	date:	2022-01-20T17:48:29
db:	PACKETSTORM	id:	166308	date:	2022-03-15T15:41:45
db:	PACKETSTORM	id:	168352	date:	2022-09-13T15:42:14
db:	PACKETSTORM	id:	165209	date:	2021-12-09T14:50:37
db:	PACKETSTORM	id:	166051	date:	2022-02-18T16:37:39
db:	PACKETSTORM	id:	164927	date:	2021-11-11T14:53:11
db:	PACKETSTORM	id:	165758	date:	2022-01-28T14:33:13
db:	NVD	id:	CVE-2020-14155	date:	2020-06-15T17:15:10.777