ID

VAR-202012-1277


CVE

CVE-2020-8284


TITLE

HAXX libcurl Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202012-754

DESCRIPTION

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. HAXX Haxx curl is a set of file transfer tools that use the URL syntax to work under the command line of the Swedish Haxx (HAXX) company. The tool supports file upload and download and includes a libcurl (client URL transfer library) for program development. There is a security vulnerability in Haxx curl FTP PASV Responses. Attackers can use this vulnerability to bypass data access restrictions and obtain sensitive information through curl's FTP PASV Responses. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/ Security: * fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321) * fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322) * nodejs-netmask: improper input validation of octal input data (CVE-2021-28918) * redis: Integer overflow via STRALGO LCS command (CVE-2021-29477) * redis: Integer overflow via COPY command for large intsets (CVE-2021-29478) * nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469) * nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500) * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing - -u- extension (CVE-2020-28851) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377) * oras: zip-slip vulnerability via oras-pull (CVE-2021-21272) * redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * nodejs-lodash: command injection via template (CVE-2021-23337) * nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362) * browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364) * nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369) * nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) * nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292) * grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358) * nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092) * nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418) * ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482) * normalize-url: ReDoS for data URLs (CVE-2021-33502) * nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623) * nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343) * html-parse-stringify: Regular Expression DoS (CVE-2021-23346) * openssl: incorrect SSLv2 rollback protection (CVE-2021-23839) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. Bugs: * RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444) * cluster became offline after apiserver health check (BZ# 1942589) 3. Bugs fixed (https://bugzilla.redhat.com/): 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters 5. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html For Red Hat OpenShift Logging 5.0, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u pgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. Description: Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers. Bug Fix(es): * WMCO patch pub-key-hash annotation to Linux node (BZ#1945248) * LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917) * Telemetry info not completely available to identify windows nodes (BZ#1955319) * WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412) * kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263) 3. Solution: For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Advanced Cluster Management 2.2.4 security and bug fix update Advisory ID: RHSA-2021:2461-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2021:2461 Issue date: 2021-06-16 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-14866 CVE-2019-25013 CVE-2019-25032 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8648 CVE-2020-8927 CVE-2020-10543 CVE-2020-10878 CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-13434 CVE-2020-13776 CVE-2020-15358 CVE-2020-24330 CVE-2020-24331 CVE-2020-24332 CVE-2020-24977 CVE-2020-25648 CVE-2020-25692 CVE-2020-26116 CVE-2020-26137 CVE-2020-27170 CVE-2020-27618 CVE-2020-27619 CVE-2020-28196 CVE-2020-28362 CVE-2020-28935 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3114 CVE-2021-3177 CVE-2021-3326 CVE-2021-3347 CVE-2021-3501 CVE-2021-3543 CVE-2021-21309 CVE-2021-21639 CVE-2021-21640 CVE-2021-23336 CVE-2021-25215 CVE-2021-27219 CVE-2021-28092 CVE-2021-28163 CVE-2021-28165 CVE-2021-28918 ===================================================================== 1. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html-single/install/index#installing 4. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. References: https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2019-25032 https://access.redhat.com/security/cve/CVE-2019-25034 https://access.redhat.com/security/cve/CVE-2019-25035 https://access.redhat.com/security/cve/CVE-2019-25036 https://access.redhat.com/security/cve/CVE-2019-25037 https://access.redhat.com/security/cve/CVE-2019-25038 https://access.redhat.com/security/cve/CVE-2019-25039 https://access.redhat.com/security/cve/CVE-2019-25040 https://access.redhat.com/security/cve/CVE-2019-25041 https://access.redhat.com/security/cve/CVE-2019-25042 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12362 https://access.redhat.com/security/cve/CVE-2020-12363 https://access.redhat.com/security/cve/CVE-2020-12364 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24330 https://access.redhat.com/security/cve/CVE-2020-24331 https://access.redhat.com/security/cve/CVE-2020-24332 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25648 https://access.redhat.com/security/cve/CVE-2020-25692 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27170 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-28935 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3347 https://access.redhat.com/security/cve/CVE-2021-3501 https://access.redhat.com/security/cve/CVE-2021-3543 https://access.redhat.com/security/cve/CVE-2021-21309 https://access.redhat.com/security/cve/CVE-2021-21639 https://access.redhat.com/security/cve/CVE-2021-21640 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/cve/CVE-2021-28092 https://access.redhat.com/security/cve/CVE-2021-28163 https://access.redhat.com/security/cve/CVE-2021-28165 https://access.redhat.com/security/cve/CVE-2021-28918 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYMpTK9zjgjWX9erEAQhuDxAAiYzTy/QGkC1ju33ImJaAbWXwW6RU2AjY fHod/mIAxtwOEZ3Oacz/w9c5nlJSQOuxON2/rzRDJErjQ60JsE1pgtzBEQZvOhoP djV+JcrOBrrJw9l1lEm8/fCulBSmSQL78EC9eyecJl5yLeGMdnfQYk5TeMCruk/f WqmglrOVeECowCK3CAa00U/Y9KAbJe8QuhFAH7nsRuBvaXzSSg3mB4tX1UEmH/rM T462DiBdmD1KcXfFgGK3UcxLnJxPyY41hryHDr+zRQGTcPyIou06ptUcX0dWCGIK ee2xJJjzbJi6NjU1Iu7PdRvP1+AS0Aq+pci0msqR3R7Nag4JiYKbxchNKMj02VBJ CbrAoSOLNpVwPprNgplDWT9GHkzvn9sxCz81MP/VsHerK3DsurI3FGbhuuWAXBYw nId+9hl9g3v9ahCwRbB3v6MNhu05s2+mt4pN7bRjGRpiMgZOg4VYebQ8Mc62uRDg VF6o/wwO32w1fd0aHkuxOb54NSJ/6MYRVSeESEO45/vDdZzwpleUqJykT1iRzcAL 9gjEH/MrBVh+tMo66USS0nheJrwafc9dU3nb3ELYJ1kOVZU60DiQBo01Pobq0Qye 12AfZuByrD3/8UUeHHc0+3ha2nmuLr5PIQ+KrMJCowLomimaMiw/cUxHpk/UljjC kKpIsOs1gr4= =QwVs -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202012-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: cURL: Multiple vulnerabilities Date: December 23, 2020 Bugs: #737990, #759259 ID: 202012-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss. Background ========== A command line tool and library for transferring data with URLs. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/curl < 7.74.0 >= 7.74.0 Description =========== Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All cURL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.74.0" References ========== [ 1 ] CVE-2020-8231 https://nvd.nist.gov/vuln/detail/CVE-2020-8231 [ 2 ] CVE-2020-8284 https://nvd.nist.gov/vuln/detail/CVE-2020-8284 [ 3 ] CVE-2020-8285 https://nvd.nist.gov/vuln/detail/CVE-2020-8285 [ 4 ] CVE-2020-8286 https://nvd.nist.gov/vuln/detail/CVE-2020-8286 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202012-14 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless Operator. Security Fix(es): * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) * golang: net: lookup functions may return invalid host names (CVE-2021-33195) * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197) * golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) * golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918) * golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196) It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless/index See the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.7/html/serverless/index See the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.8/html/serverless/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196 5

Trust: 1.71

sources: NVD: CVE-2020-8284 // VULHUB: VHN-186409 // VULMON: CVE-2020-8284 // PACKETSTORM: 163747 // PACKETSTORM: 162837 // PACKETSTORM: 163257 // PACKETSTORM: 163188 // PACKETSTORM: 163496 // PACKETSTORM: 160706 // PACKETSTORM: 164192

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:applemodel:macosscope:eqversion:11.0.1

Trust: 1.0

vendor:oraclemodel:essbasescope:eqversion:21.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:ltversion:xcp3110

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:8.2.12

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:eqversion:12.0.0.3.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:siemensmodel:sinec infrastructure network servicesscope:ltversion:1.0.1.1

Trust: 1.0

vendor:fujitsumodel:m10-1scope:ltversion:xcp3110

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:ltversion:xcp3110

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:haxxmodel:curlscope:lteversion:7.73.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:fujitsumodel:m10-4scope:ltversion:xcp2410

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:eqversion:9.1.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:ltversion:9.0.6

Trust: 1.0

vendor:netappmodel:solidfirescope:eqversion: -

Trust: 1.0

vendor:applemodel:macosscope:eqversion:11.1

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:9.0.0

Trust: 1.0

vendor:fujitsumodel:m12-2scope:ltversion:xcp2410

Trust: 1.0

vendor:applemodel:macosscope:eqversion:11.2

Trust: 1.0

vendor:splunkmodel:universal forwarderscope:gteversion:8.2.0

Trust: 1.0

vendor:fujitsumodel:m12-1scope:ltversion:xcp2410

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:netappmodel:hci management nodescope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m10-4scope:ltversion:xcp3110

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:fujitsumodel:m12-2scope:ltversion:xcp3110

Trust: 1.0

vendor:netappmodel:hci storage nodescope:eqversion: -

Trust: 1.0

vendor:fujitsumodel:m12-2sscope:ltversion:xcp2410

Trust: 1.0

vendor:netappmodel:hci bootstrap osscope:eqversion: -

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14.0

Trust: 1.0

vendor:fujitsumodel:m12-1scope:ltversion:xcp3110

Trust: 1.0

vendor:fujitsumodel:m10-4sscope:ltversion:xcp2410

Trust: 1.0

vendor:fujitsumodel:m10-1scope:ltversion:xcp2410

Trust: 1.0

vendor:oraclemodel:communications cloud native core policyscope:eqversion:1.14.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

sources: NVD: CVE-2020-8284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8284
value: LOW

Trust: 1.0

CNNVD: CNNVD-202012-754
value: LOW

Trust: 0.6

VULHUB: VHN-186409
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8284
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8284
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-186409
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8284
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-186409 // VULMON: CVE-2020-8284 // CNNVD: CNNVD-202012-754 // NVD: CVE-2020-8284

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-186409 // NVD: CVE-2020-8284

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-754

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202012-754

PATCH

title:Haxx curl Repair measures for information disclosure vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=137264

Trust: 0.6

title:Debian CVElist Bug Report Logs: curl: CVE-2020-8284: trusting FTP PASV responsesurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=0ffb05dc08c6c9f5251a5fb47d2c1b45

Trust: 0.1

title:IBM: Security Bulletin: IBM MQ is affected by a vulnerability within libcurl (CVE-2020-8284)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8dce374d73a7e6e542a5aecc279d3c25

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-8284 log

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1693url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1693

Trust: 0.1

title:Debian Security Advisories: DSA-4881-1 curl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a9706a30f62799ecc4d45bdb53c244eb

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=4a9822530e6b610875f83ffc10e02aba

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title:evilFTPurl:https://github.com/vp777/evilFTP

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2021-40491

Trust: 0.1

title:surferFTPurl:https://github.com/vp777/surferFTP

Trust: 0.1

title:clair-clienturl:https://github.com/indece-official/clair-client

Trust: 0.1

title:PIA-PCurl:https://github.com/zanezhub/PIA-PC

Trust: 0.1

title:myapp-container-jaxrsurl:https://github.com/akiraabe/myapp-container-jaxrs

Trust: 0.1

sources: VULMON: CVE-2020-8284 // CNNVD: CNNVD-202012-754

EXTERNAL IDS

db:NVDid:CVE-2020-8284

Trust: 2.5

db:SIEMENSid:SSA-389290

Trust: 1.7

db:HACKERONEid:1040166

Trust: 1.7

db:PACKETSTORMid:160706

Trust: 0.8

db:PACKETSTORMid:163496

Trust: 0.8

db:PACKETSTORMid:160436

Trust: 0.7

db:PACKETSTORMid:163267

Trust: 0.7

db:PACKETSTORMid:163276

Trust: 0.7

db:PACKETSTORMid:160423

Trust: 0.7

db:PACKETSTORMid:162629

Trust: 0.7

db:PACKETSTORMid:164192

Trust: 0.7

db:AUSCERTid:ESB-2020.4343

Trust: 0.6

db:AUSCERTid:ESB-2020.4364

Trust: 0.6

db:AUSCERTid:ESB-2021.1700

Trust: 0.6

db:AUSCERTid:ESB-2021.1866

Trust: 0.6

db:AUSCERTid:ESB-2021.2657

Trust: 0.6

db:AUSCERTid:ESB-2021.2711

Trust: 0.6

db:AUSCERTid:ESB-2020.4506

Trust: 0.6

db:AUSCERTid:ESB-2023.3146

Trust: 0.6

db:AUSCERTid:ESB-2021.1841

Trust: 0.6

db:AUSCERTid:ESB-2021.2228

Trust: 0.6

db:AUSCERTid:ESB-2022.6150

Trust: 0.6

db:AUSCERTid:ESB-2021.2180

Trust: 0.6

db:AUSCERTid:ESB-2021.0631

Trust: 0.6

db:AUSCERTid:ESB-2020.4534

Trust: 0.6

db:AUSCERTid:ESB-2021.2471

Trust: 0.6

db:AUSCERTid:ESB-2021.2365

Trust: 0.6

db:AUSCERTid:ESB-2021.3141

Trust: 0.6

db:AUSCERTid:ESB-2021.4058

Trust: 0.6

db:AUSCERTid:ESB-2021.1114

Trust: 0.6

db:CS-HELPid:SB2021062315

Trust: 0.6

db:CS-HELPid:SB2021062703

Trust: 0.6

db:CS-HELPid:SB2021071516

Trust: 0.6

db:CS-HELPid:SB2021072050

Trust: 0.6

db:CS-HELPid:SB2021051406

Trust: 0.6

db:CS-HELPid:SB2021092220

Trust: 0.6

db:CS-HELPid:SB2022031104

Trust: 0.6

db:CS-HELPid:SB2021052026

Trust: 0.6

db:CNNVDid:CNNVD-202012-754

Trust: 0.6

db:PACKETSTORMid:163257

Trust: 0.2

db:PACKETSTORMid:163197

Trust: 0.1

db:PACKETSTORMid:163193

Trust: 0.1

db:VULHUBid:VHN-186409

Trust: 0.1

db:VULMONid:CVE-2020-8284

Trust: 0.1

db:PACKETSTORMid:163747

Trust: 0.1

db:PACKETSTORMid:162837

Trust: 0.1

db:PACKETSTORMid:163188

Trust: 0.1

sources: VULHUB: VHN-186409 // VULMON: CVE-2020-8284 // PACKETSTORM: 163747 // PACKETSTORM: 162837 // PACKETSTORM: 163257 // PACKETSTORM: 163188 // PACKETSTORM: 163496 // PACKETSTORM: 160706 // PACKETSTORM: 164192 // CNNVD: CNNVD-202012-754 // NVD: CVE-2020-8284

REFERENCES

url:https://security.gentoo.org/glsa/202012-14

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210122-0007/

Trust: 1.7

url:https://support.apple.com/kb/ht212325

Trust: 1.7

url:https://support.apple.com/kb/ht212326

Trust: 1.7

url:https://support.apple.com/kb/ht212327

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-4881

Trust: 1.7

url:https://curl.se/docs/cve-2020-8284.html

Trust: 1.7

url:https://hackerone.com/reports/1040166

Trust: 1.7

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2020-8284

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8284

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-8286

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-28196

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-15358

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-13434

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-8231

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-29362

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-8285

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2016-10228

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-9169

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-25013

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-29361

Trust: 0.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9169

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3326

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-25013

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-2708

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-8927

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-29363

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-2708

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2016-10228

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-27618

Trust: 0.6

url:https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1866

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1700

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2657

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0631

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2711

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1841

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4343/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3146

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-8284-cve-2020-8286-c/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.6150

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1114

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2365

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2020-8284-cve-2020-8285-and-cve-2020-8286/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2180

Trust: 0.6

url:https://packetstormsecurity.com/files/162629/red-hat-security-advisory-2021-1610-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052026

Trust: 0.6

url:https://packetstormsecurity.com/files/160706/gentoo-linux-security-advisory-202012-14.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072050

Trust: 0.6

url:https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/curl-information-disclosure-via-ftp-pasv-responses-34066

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2228

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062703

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092220

Trust: 0.6

url:https://support.apple.com/en-us/ht212325

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4534/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4364/

Trust: 0.6

url:https://packetstormsecurity.com/files/160436/ubuntu-security-notice-usn-4665-2.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6520474

Trust: 0.6

url:https://support.apple.com/en-us/ht212327

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4506/

Trust: 0.6

url:https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2471

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071516

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062315

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4058

Trust: 0.6

url:https://packetstormsecurity.com/files/160423/ubuntu-security-notice-usn-4665-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021051406

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3141

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-within-libcurl-cve-2020-8284/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031104

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2017-14502

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2017-14502

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-27618

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-27219

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-28196

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-29362

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-29361

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-13776

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-3842

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13776

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-24977

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-3842

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8285

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8286

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8231

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3449

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3450

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-8927

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-3326

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-29363

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-28092

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3520

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3537

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3518

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3516

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-21309

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28918

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3517

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3541

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26137

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12362

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27619

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23336

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12362

Trust: 0.2

url:https://issues.jboss.org/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-27219

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20305

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24977

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-27918

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-31525

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31525

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27918

Trust: 0.2

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33196

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33196

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28469

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29418

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33034

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28851

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33909

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23337

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32399

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27358

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19906

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23369

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21321

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23368

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11668

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23364

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23343

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33502

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23383

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28851

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33033

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25217

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28469

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3016

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3377

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28500

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21272

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29477

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29478

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11668

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23839

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19906

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23382

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33910

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14346

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14347

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27835

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9951

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25704

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19528

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9948

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13012

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0431

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14345

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14360

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19528

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12464

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14314

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14347

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14360

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14356

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27786

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14314

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25643

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9983

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24394

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0431

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0342

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14344

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14345

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14344

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14361

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25285

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35508

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25212

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28974

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15437

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25284

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14346

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14356

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11608

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11608

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3450

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2130

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/windows_containers/window

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3449

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25039

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21639

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12364

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28163

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25034

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25035

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25038

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24330

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25042

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3501

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25042

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25038

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25041

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25036

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27170

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25215

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24331

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25036

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25035

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-2433

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3347

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12363

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24332

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3114

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25039

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-25040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12364

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25041

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2461

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-25034

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2705

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33198

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33198

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34558

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3556

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33197

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3421

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3703

Trust: 0.1

sources: VULHUB: VHN-186409 // PACKETSTORM: 163747 // PACKETSTORM: 162837 // PACKETSTORM: 163257 // PACKETSTORM: 163188 // PACKETSTORM: 163496 // PACKETSTORM: 160706 // PACKETSTORM: 164192 // CNNVD: CNNVD-202012-754 // NVD: CVE-2020-8284

CREDITS

Red Hat

Trust: 1.2

sources: PACKETSTORM: 163747 // PACKETSTORM: 162837 // PACKETSTORM: 163257 // PACKETSTORM: 163188 // PACKETSTORM: 163496 // PACKETSTORM: 164192 // CNNVD: CNNVD-202012-754

SOURCES

db:VULHUBid:VHN-186409
db:VULMONid:CVE-2020-8284
db:PACKETSTORMid:163747
db:PACKETSTORMid:162837
db:PACKETSTORMid:163257
db:PACKETSTORMid:163188
db:PACKETSTORMid:163496
db:PACKETSTORMid:160706
db:PACKETSTORMid:164192
db:CNNVDid:CNNVD-202012-754
db:NVDid:CVE-2020-8284

LAST UPDATE DATE

2025-07-08T20:41:27.898000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186409date:2022-05-13T00:00:00
db:VULMONid:CVE-2020-8284date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-202012-754date:2023-06-05T00:00:00
db:NVDid:CVE-2020-8284date:2024-11-21T05:38:39.193

SOURCES RELEASE DATE

db:VULHUBid:VHN-186409date:2020-12-14T00:00:00
db:VULMONid:CVE-2020-8284date:2020-12-14T00:00:00
db:PACKETSTORMid:163747date:2021-08-06T14:02:37
db:PACKETSTORMid:162837date:2021-05-27T13:28:54
db:PACKETSTORMid:163257date:2021-06-23T15:44:15
db:PACKETSTORMid:163188date:2021-06-17T17:53:22
db:PACKETSTORMid:163496date:2021-07-14T15:02:07
db:PACKETSTORMid:160706date:2020-12-24T17:16:22
db:PACKETSTORMid:164192date:2021-09-17T16:04:56
db:CNNVDid:CNNVD-202012-754date:2020-12-09T00:00:00
db:NVDid:CVE-2020-8284date:2020-12-14T20:15:13.903