ID

VAR-202012-1277


CVE

CVE-2020-8284


TITLE

HAXX libcurl Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202012-754

DESCRIPTION

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. HAXX Haxx curl is a set of file transfer tools that use the URL syntax to work under the command line of the Swedish Haxx (HAXX) company. The tool supports file upload and download and includes a libcurl (client URL transfer library) for program development. Attackers can use this vulnerability to bypass data access restrictions and obtain sensitive information through curl's FTP PASV Responses. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8 5. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/ Security: * fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321) * fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322) * nodejs-netmask: improper input validation of octal input data (CVE-2021-28918) * redis: Integer overflow via STRALGO LCS command (CVE-2021-29477) * redis: Integer overflow via COPY command for large intsets (CVE-2021-29478) * nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469) * nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500) * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing - -u- extension (CVE-2020-28851) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377) * oras: zip-slip vulnerability via oras-pull (CVE-2021-21272) * redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * nodejs-lodash: command injection via template (CVE-2021-23337) * nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362) * browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364) * nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369) * nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) * nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292) * grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358) * nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092) * nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418) * ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482) * normalize-url: ReDoS for data URLs (CVE-2021-33502) * nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623) * nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343) * html-parse-stringify: Regular Expression DoS (CVE-2021-23346) * openssl: incorrect SSLv2 rollback protection (CVE-2021-23839) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. Bugs: * RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444) * cluster became offline after apiserver health check (BZ# 1942589) 3. Bugs fixed (https://bugzilla.redhat.com/): 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update Advisory ID: RHSA-2021:2479-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479 Issue date: 2021-06-17 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-25013 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-15358 CVE-2020-24977 CVE-2020-25659 CVE-2020-25678 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-28196 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-36242 CVE-2021-3139 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3528 CVE-2021-20305 CVE-2021-23239 CVE-2021-23240 CVE-2021-23336 ==================================================================== 1. Summary: Updated images that fix one security issue and several bugs are now available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. Security Fix(es): * NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483) * Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307) * Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106) * Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument `--public-addr=podIP` is added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558) * Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the `mds_cache_memory_limit` argument during upgrades. With this update, the `mds_cache_memory_limit` argument is applied during upgrades and the mds daemon operates normally. (BZ#1951348) * Previously, the coredumps were not generated in the correct location as rook was setting the config option `log_file` to an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of the `log_file` to build the dump path. With this update, rook does not set the `log_file` and keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under `/var/log/ceph/`. (BZ#1938049) * Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573) * Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959983) All users of Red Hat OpenShift Container Storage are advised to pull these new images from the Red Hat Container Registry. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod 5. References: https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25678 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2021-3139 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3528 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-23239 https://access.redhat.com/security/cve/CVE-2021-23240 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND Q1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo FKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS v59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF HXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd 6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN kAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC L+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG sIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz V144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO AQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT RCrstqAM5QQ=DHD0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 5. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. Bugs fixed (https://bugzilla.redhat.com/): 1937901 - CVE-2021-27918 golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 1965503 - CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion 1971445 - Release of OpenShift Serverless Serving 1.16.0 1971448 - Release of OpenShift Serverless Eventing 1.16.0 5. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2021:2122 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html This update fixes the following bug among others: * Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238) Security Fix(es): * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64 The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36 All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing 5. ========================================================================== Ubuntu Security Notice USN-4665-1 December 09, 2020 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. (CVE-2020-8231) Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. (CVE-2020-8284) It was discovered that curl incorrectly handled FTP wildcard matchins. A remote attacker could possibly use this issue to cause curl to consume resources and crash, resulting in a denial of service. (CVE-2020-8285) It was discovered that curl incorrectly handled OCSP response verification. A remote attacker could possibly use this issue to provide a fraudulent OCSP response. (CVE-2020-8286) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: curl 7.68.0-1ubuntu4.2 libcurl3-gnutls 7.68.0-1ubuntu4.2 libcurl3-nss 7.68.0-1ubuntu4.2 libcurl4 7.68.0-1ubuntu4.2 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.4 libcurl3-gnutls 7.68.0-1ubuntu2.4 libcurl3-nss 7.68.0-1ubuntu2.4 libcurl4 7.68.0-1ubuntu2.4 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.12 libcurl3-gnutls 7.58.0-2ubuntu3.12 libcurl3-nss 7.58.0-2ubuntu3.12 libcurl4 7.58.0-2ubuntu3.12 Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.18 libcurl3 7.47.0-1ubuntu2.18 libcurl3-gnutls 7.47.0-1ubuntu2.18 libcurl3-nss 7.47.0-1ubuntu2.18 In general, a standard system update will make all the necessary changes

Trust: 1.8

sources: NVD: CVE-2020-8284 // VULHUB: VHN-186409 // PACKETSTORM: 163789 // PACKETSTORM: 163747 // PACKETSTORM: 163209 // PACKETSTORM: 163276 // PACKETSTORM: 163188 // PACKETSTORM: 163496 // PACKETSTORM: 162877 // PACKETSTORM: 160423 // PACKETSTORM: 160436

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:applemodel:macosscope:eqversion:11.0.1

Trust: 1.0

vendor:oraclemodel:essbasescope:eqversion:21.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:ltversion:xcp3110

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:fujitsumodel:m10-1scope:ltversion:xcp3110

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:ltversion:xcp3110

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:haxxmodel:curlscope:lteversion:7.73.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:fujitsumodel:m10-4scope:ltversion:xcp2410

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:eqversion:11.1

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:fujitsumodel:m12-2scope:ltversion:xcp2410

Trust: 1.0

vendor:applemodel:macosscope:eqversion:11.2

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:fujitsumodel:m12-1scope:ltversion:xcp2410

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m10-4scope:ltversion:xcp3110

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:fujitsumodel:m12-2scope:ltversion:xcp3110

Trust: 1.0

vendor:netappmodel:hci storage nodescope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:ltversion:xcp2410

Trust: 1.0

vendor:netappmodel:hci bootstrap osscope:eqversion: -

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14.0

Trust: 1.0

vendor:fujitsumodel:m12-1scope:ltversion:xcp3110

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:ltversion:xcp2410

Trust: 1.0

vendor:fujitsumodel:m10-1scope:ltversion:xcp2410

Trust: 1.0

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.14.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

sources: NVD: CVE-2020-8284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8284
value: LOW

Trust: 1.0

CNNVD: CNNVD-202012-754
value: LOW

Trust: 0.6

VULHUB: VHN-186409
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8284
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-186409
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8284
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-186409 // CNNVD: CNNVD-202012-754 // NVD: CVE-2020-8284

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-186409 // NVD: CVE-2020-8284

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-754

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202012-754

PATCH

title:Haxx curl Repair measures for information disclosure vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=137264

Trust: 0.6

sources: CNNVD: CNNVD-202012-754

EXTERNAL IDS

db:NVDid:CVE-2020-8284

Trust: 2.6

db:SIEMENSid:SSA-389290

Trust: 1.7

db:HACKERONEid:1040166

Trust: 1.7

db:PACKETSTORMid:160436

Trust: 0.8

db:PACKETSTORMid:163276

Trust: 0.8

db:PACKETSTORMid:163496

Trust: 0.8

db:PACKETSTORMid:160423

Trust: 0.8

db:PACKETSTORMid:160706

Trust: 0.7

db:PACKETSTORMid:163267

Trust: 0.7

db:PACKETSTORMid:162629

Trust: 0.7

db:AUSCERTid:ESB-2020.4343

Trust: 0.6

db:AUSCERTid:ESB-2020.4364

Trust: 0.6

db:AUSCERTid:ESB-2021.1700

Trust: 0.6

db:AUSCERTid:ESB-2021.1866

Trust: 0.6

db:AUSCERTid:ESB-2021.2657

Trust: 0.6

db:AUSCERTid:ESB-2021.2711

Trust: 0.6

db:AUSCERTid:ESB-2020.4506

Trust: 0.6

db:AUSCERTid:ESB-2023.3146

Trust: 0.6

db:AUSCERTid:ESB-2021.1841

Trust: 0.6

db:AUSCERTid:ESB-2021.2228

Trust: 0.6

db:AUSCERTid:ESB-2022.6150

Trust: 0.6

db:AUSCERTid:ESB-2021.2180

Trust: 0.6

db:AUSCERTid:ESB-2021.0631

Trust: 0.6

db:AUSCERTid:ESB-2020.4534

Trust: 0.6

db:AUSCERTid:ESB-2021.2471

Trust: 0.6

db:AUSCERTid:ESB-2021.2365

Trust: 0.6

db:AUSCERTid:ESB-2021.3141

Trust: 0.6

db:AUSCERTid:ESB-2021.4058

Trust: 0.6

db:AUSCERTid:ESB-2021.1114

Trust: 0.6

db:PACKETSTORMid:164192

Trust: 0.6

db:CS-HELPid:SB2021062315

Trust: 0.6

db:CS-HELPid:SB2021062703

Trust: 0.6

db:CS-HELPid:SB2021071516

Trust: 0.6

db:CS-HELPid:SB2021072050

Trust: 0.6

db:CS-HELPid:SB2021051406

Trust: 0.6

db:CS-HELPid:SB2021092220

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:CS-HELPid:SB2021052026

Trust: 0.6

db:CNNVDid:CNNVD-202012-754

Trust: 0.6

db:PACKETSTORMid:163197

Trust: 0.1

db:PACKETSTORMid:163257

Trust: 0.1

db:PACKETSTORMid:163193

Trust: 0.1

db:VULHUBid:VHN-186409

Trust: 0.1

db:PACKETSTORMid:163789

Trust: 0.1

db:PACKETSTORMid:163747

Trust: 0.1

db:PACKETSTORMid:163209

Trust: 0.1

db:PACKETSTORMid:163188

Trust: 0.1

db:PACKETSTORMid:162877

Trust: 0.1

sources: VULHUB: VHN-186409 // PACKETSTORM: 163789 // PACKETSTORM: 163747 // PACKETSTORM: 163209 // PACKETSTORM: 163276 // PACKETSTORM: 163188 // PACKETSTORM: 163496 // PACKETSTORM: 162877 // PACKETSTORM: 160423 // PACKETSTORM: 160436 // CNNVD: CNNVD-202012-754 // NVD: CVE-2020-8284

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210122-0007/

Trust: 1.7

url:https://support.apple.com/kb/ht212325

Trust: 1.7

url:https://support.apple.com/kb/ht212326

Trust: 1.7

url:https://support.apple.com/kb/ht212327

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-4881

Trust: 1.7

url:https://security.gentoo.org/glsa/202012-14

Trust: 1.7

url:https://curl.se/docs/cve-2020-8284.html

Trust: 1.7

url:https://hackerone.com/reports/1040166

Trust: 1.7

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2020-8284

Trust: 1.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-8284

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-8286

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-28196

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-8231

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-8285

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-9169

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-2708

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-2708

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-14502

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2017-14502

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.6

url:https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1866

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1700

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2657

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0631

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2711

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1841

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4343/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3146

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-8284-cve-2020-8286-c/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6150

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1114

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2365

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2020-8284-cve-2020-8285-and-cve-2020-8286/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2180

Trust: 0.6

url:https://packetstormsecurity.com/files/162629/red-hat-security-advisory-2021-1610-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052026

Trust: 0.6

url:https://packetstormsecurity.com/files/160706/gentoo-linux-security-advisory-202012-14.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072050

Trust: 0.6

url:https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/curl-information-disclosure-via-ftp-pasv-responses-34066

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2228

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062703

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092220

Trust: 0.6

url:https://support.apple.com/en-us/ht212325

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4534/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4364/

Trust: 0.6

url:https://packetstormsecurity.com/files/160436/ubuntu-security-notice-usn-4665-2.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520474

Trust: 0.6

url:https://support.apple.com/en-us/ht212327

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4506/

Trust: 0.6

url:https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2471

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071516

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062315

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4058

Trust: 0.6

url:https://packetstormsecurity.com/files/160423/ubuntu-security-notice-usn-4665-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021051406

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3141

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-within-libcurl-cve-2020-8284/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-27219

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-27619

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-23336

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-3842

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-13776

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-24977

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-3842

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-26137

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-27618

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-28196

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-29362

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-29361

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-13776

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8231

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8285

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-25039

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-13543

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9951

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25037

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-36242

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25037

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9948

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-13012

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-28935

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25034

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25035

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25038

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-13584

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25040

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25042

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25042

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-12362

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25038

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-25659

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25032

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25041

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25036

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25032

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-25215

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9983

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25036

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25035

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-12362

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3114

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25039

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-13012

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-25040

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25041

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-25034

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3449

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3450

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-24977

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-29363

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-8286

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14347

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25712

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23240

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12364

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3520

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23239

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3537

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33909

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3518

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32399

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3516

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14363

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13543

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14360

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13584

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3517

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3560

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3541

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-25217

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14345

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14344

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14361

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12363

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14346

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12364

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33910

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28500

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28092

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23337

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21309

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28918

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-28500

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-26116

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27619

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27783

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8927

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24330

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24331

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24332

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.2

url:https://usn.ubuntu.com/4665-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14346

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14345

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20201

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3119

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14344

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28211

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28469

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29418

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33034

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27358

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19906

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23369

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21321

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23368

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11668

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23364

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23343

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33502

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23383

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28851

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33033

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20934

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28469

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3016

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3377

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21272

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29477

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29478

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11668

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23839

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19906

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23382

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2479

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25659

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36242

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27783

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25678

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25678

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20305

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13949

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28362

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13949

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28163

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3501

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27170

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2433

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3347

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2461

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27918

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31525

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3326

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31525

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27918

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33196

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12114

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25704

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0431

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18811

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19528

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12464

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14314

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14356

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21643

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27786

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25643

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24394

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0431

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0342

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18811

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21644

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25285

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35508

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25212

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28974

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2121

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15437

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25284

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11608

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11608

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21642

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12464

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.12

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.18

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.4

Trust: 0.1

url:https://usn.ubuntu.com/4665-2

Trust: 0.1

sources: VULHUB: VHN-186409 // PACKETSTORM: 163789 // PACKETSTORM: 163747 // PACKETSTORM: 163209 // PACKETSTORM: 163276 // PACKETSTORM: 163188 // PACKETSTORM: 163496 // PACKETSTORM: 162877 // PACKETSTORM: 160423 // PACKETSTORM: 160436 // CNNVD: CNNVD-202012-754 // NVD: CVE-2020-8284

CREDITS

Red Hat

Trust: 1.3

sources: PACKETSTORM: 163789 // PACKETSTORM: 163747 // PACKETSTORM: 163209 // PACKETSTORM: 163276 // PACKETSTORM: 163188 // PACKETSTORM: 163496 // PACKETSTORM: 162877 // CNNVD: CNNVD-202012-754

SOURCES

db:VULHUBid:VHN-186409
db:PACKETSTORMid:163789
db:PACKETSTORMid:163747
db:PACKETSTORMid:163209
db:PACKETSTORMid:163276
db:PACKETSTORMid:163188
db:PACKETSTORMid:163496
db:PACKETSTORMid:162877
db:PACKETSTORMid:160423
db:PACKETSTORMid:160436
db:CNNVDid:CNNVD-202012-754
db:NVDid:CVE-2020-8284

LAST UPDATE DATE

2025-09-03T20:04:48.013000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186409date:2022-05-13T00:00:00
db:CNNVDid:CNNVD-202012-754date:2023-06-05T00:00:00
db:NVDid:CVE-2020-8284date:2024-11-21T05:38:39.193

SOURCES RELEASE DATE

db:VULHUBid:VHN-186409date:2020-12-14T00:00:00
db:PACKETSTORMid:163789date:2021-08-11T16:15:17
db:PACKETSTORMid:163747date:2021-08-06T14:02:37
db:PACKETSTORMid:163209date:2021-06-17T18:34:10
db:PACKETSTORMid:163276date:2021-06-24T17:54:53
db:PACKETSTORMid:163188date:2021-06-17T17:53:22
db:PACKETSTORMid:163496date:2021-07-14T15:02:07
db:PACKETSTORMid:162877date:2021-06-01T14:45:29
db:PACKETSTORMid:160423date:2020-12-09T16:29:45
db:PACKETSTORMid:160436date:2020-12-10T16:02:10
db:CNNVDid:CNNVD-202012-754date:2020-12-09T00:00:00
db:NVDid:CVE-2020-8284date:2020-12-14T20:15:13.903