ID

VAR-202105-1459


CVE

CVE-2020-36331


TITLE

libwebp Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202105-1382

DESCRIPTION

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4930-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 10, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libwebp CVE ID : CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 Multiple vulnerabilities were discovered in libwebp, the implementation of the WebP image format, which could result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed images are processed. For the stable distribution (buster), these problems have been fixed in version 0.6.1-2+deb10u1. We recommend that you upgrade your libwebp packages. For the detailed security status of libwebp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libwebp Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDCfg0ACgkQEMKTtsN8 TjaaKBAAqMJfe5aH4Gh14SpB7h2S5JJUK+eo/aPo1tXn7BoLiF4O5g05+McyUOdE HI9ibolUfv+HoZlCDC93MBJvopWgd1/oqReHML5n2GXPBESYXpRstL04qwaRqu9g AvofhX88EwHefTXmljVTL4W1KgMJuhhPxVLdimxoqd0/hjagZtA7B7R05khigC5k nHMFoRogSPjI9H4vI2raYaOqC26zmrZNbk/CRVhuUbtDOG9qy9okjc+6KM9RcbXC ha++EhrGXPjCg5SwrQAZ50nW3Jwif2WpSeULfTrqHr2E8nHGUCHDMMtdDwegFH/X FK0dVaNPgrayw1Dji+fhBQz3qR7pl/1DK+gsLtREafxY0+AxZ57kCi51CykT/dLs eC4bOPaoho91KuLFrT+X/AyAASS/00VuroFJB4sWQUvEpBCnWPUW1m3NvjsyoYuj 0wmQMVM5Bb/aYuWAM+/V9MeoklmtIn+OPAXqsVvLxdbB0GScwJV86/NvsN6Nde6c twImfMCK1V75FPrIsxx37M52AYWvALgXbWoVi4aQPyPeDerQdgUPL1FzTGzem0NQ PnXhuE27H/pJz79DosW8md0RFr+tfPgZ8CeTirXSUUXFiqhcXR/w1lqN2vlmfm8V dmwgzvu9A7ZhG++JRqbbMx2D+NS4coGgRdA7XPuRrdNKniRIDhQ= =pN/j -----END PGP SIGNATURE----- . Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libwebp security update Advisory ID: RHSA-2021:4231-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4231 Issue date: 2021-11-09 CVE Names: CVE-2018-25009 CVE-2018-25010 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 ==================================================================== 1. Summary: An update for libwebp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: libwebp-1.0.0-5.el8.src.rpm aarch64: libwebp-1.0.0-5.el8.aarch64.rpm libwebp-debuginfo-1.0.0-5.el8.aarch64.rpm libwebp-debugsource-1.0.0-5.el8.aarch64.rpm libwebp-devel-1.0.0-5.el8.aarch64.rpm libwebp-java-debuginfo-1.0.0-5.el8.aarch64.rpm libwebp-tools-debuginfo-1.0.0-5.el8.aarch64.rpm ppc64le: libwebp-1.0.0-5.el8.ppc64le.rpm libwebp-debuginfo-1.0.0-5.el8.ppc64le.rpm libwebp-debugsource-1.0.0-5.el8.ppc64le.rpm libwebp-devel-1.0.0-5.el8.ppc64le.rpm libwebp-java-debuginfo-1.0.0-5.el8.ppc64le.rpm libwebp-tools-debuginfo-1.0.0-5.el8.ppc64le.rpm s390x: libwebp-1.0.0-5.el8.s390x.rpm libwebp-debuginfo-1.0.0-5.el8.s390x.rpm libwebp-debugsource-1.0.0-5.el8.s390x.rpm libwebp-devel-1.0.0-5.el8.s390x.rpm libwebp-java-debuginfo-1.0.0-5.el8.s390x.rpm libwebp-tools-debuginfo-1.0.0-5.el8.s390x.rpm x86_64: libwebp-1.0.0-5.el8.i686.rpm libwebp-1.0.0-5.el8.x86_64.rpm libwebp-debuginfo-1.0.0-5.el8.i686.rpm libwebp-debuginfo-1.0.0-5.el8.x86_64.rpm libwebp-debugsource-1.0.0-5.el8.i686.rpm libwebp-debugsource-1.0.0-5.el8.x86_64.rpm libwebp-devel-1.0.0-5.el8.i686.rpm libwebp-devel-1.0.0-5.el8.x86_64.rpm libwebp-java-debuginfo-1.0.0-5.el8.i686.rpm libwebp-java-debuginfo-1.0.0-5.el8.x86_64.rpm libwebp-tools-debuginfo-1.0.0-5.el8.i686.rpm libwebp-tools-debuginfo-1.0.0-5.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-25009 https://access.redhat.com/security/cve/CVE-2018-25010 https://access.redhat.com/security/cve/CVE-2018-25012 https://access.redhat.com/security/cve/CVE-2018-25013 https://access.redhat.com/security/cve/CVE-2018-25014 https://access.redhat.com/security/cve/CVE-2020-36330 https://access.redhat.com/security/cve/CVE-2020-36331 https://access.redhat.com/security/cve/CVE-2020-36332 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYrdV9zjgjWX9erEAQjPKw//b87QnRCt7mK8HBE36Ryh32/KlNTbdNl6 KXkxyVMUVTaofuqdPoXmJOCUkaVUIxypxj4rnYKDIkRiWMIjTs11j5N17GRbUzC8 j0BLMniOja5AoeYJaRd3hSaJEh4Pwq7a1kYhlxwcJxQ2XUHLBNa8++aItgRcpfOv ANQKsfjppoLqTAvgSNwvbLEG+yiObS/oj3wxZpIL1LVgAFiHQZBgAQYci6Oi712Y O3zyuq5jWkGcPtvp+v62fv3vVM4lqMcDna59O8DpcPmgwDgnJjQv8hd6WsIjMc6l ofXaipBrUlr5viTMDBMt36Vel2M4mvIcfrA+4walNO0mGpMrB/2ukqyn2yMzO8dl zmMGw4XsBFVKvqjkjiIApyn2UtmPelOyjDwr0WnUvrx/CprW/cxhA1Ou1tSPwMEE 0DIvANBtNLMm//1juXKSUUew8lKy32I06hrp9bLq44p15DeC1cab7V1cb1e+urWm Pa3ZiUHvFpiKK5hRrAx64I0ZDle0vgwe92OIi5ibT+FT6F5dL4cnbhv/6pDi/saP YDZlQNidSs8QYRWRJdXCH7EDCRyncZjFKTrnuJhpJ/Iz8cCIl0JjtnbeVaW7iHsI qnqSANHZV+iVrSJEav8JLmWWkrf9HYlixI6udpG5cZmNt4Be9q6f8WIguq7mPy3k lJzqUU7nXTw=nPk5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1168 - Disable hostname verification in syslog TLS settings LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd LOG-1375 - ssl_ca_cert should be optional LOG-1378 - CLO should support sasl_plaintext(Password over http) LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate LOG-1494 - Syslog output is serializing json incorrectly LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing LOG-1735 - Regression introducing flush_at_shutdown LOG-1774 - The collector logs should be excluded in fluent.conf LOG-1776 - fluentd total_limit_size sets value beyond available space LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL LOG-1903 - Fix the Display of ClusterLogging type in OLM LOG-1911 - CLF API changes to Opt-in to multiline error detection LOG-1918 - Alert `FluentdNodeDown` always firing LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding 6

Trust: 1.8

sources: NVD: CVE-2020-36331 // VULHUB: VHN-391910 // VULMON: CVE-2020-36331 // PACKETSTORM: 169076 // PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 165288 // PACKETSTORM: 165296 // PACKETSTORM: 164842 // PACKETSTORM: 165631 // PACKETSTORM: 164967

AFFECTED PRODUCTS

vendor:webmprojectmodel:libwebpscope:ltversion:1.0.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.7

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.7

Trust: 1.0

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2020-36331

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-36331
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202105-1382
value: CRITICAL

Trust: 0.6

VULHUB: VHN-391910
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-36331
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-36331
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-391910
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-36331
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-391910 // VULMON: CVE-2020-36331 // CNNVD: CNNVD-202105-1382 // NVD: CVE-2020-36331

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-391910 // NVD: CVE-2020-36331

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1382

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202105-1382

PATCH

title:libwebp Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=151881

Trust: 0.6

title:Amazon Linux AMI: ALAS-2023-1740url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2023-1740

Trust: 0.1

title:Amazon Linux 2: ALAS2-2023-2031url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-2031

Trust: 0.1

title:Debian Security Advisories: DSA-4930-1 libwebp -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=6dad0021173658916444dfc89f8d2495

Trust: 0.1

title:Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225069 - Security Advisory

Trust: 0.1

sources: VULMON: CVE-2020-36331 // CNNVD: CNNVD-202105-1382

EXTERNAL IDS

db:NVDid:CVE-2020-36331

Trust: 2.6

db:PACKETSTORMid:164842

Trust: 0.8

db:PACKETSTORMid:165288

Trust: 0.8

db:PACKETSTORMid:165287

Trust: 0.8

db:CNNVDid:CNNVD-202105-1382

Trust: 0.7

db:AUSCERTid:ESB-2022.3977

Trust: 0.6

db:AUSCERTid:ESB-2021.2102

Trust: 0.6

db:AUSCERTid:ESB-2021.1965

Trust: 0.6

db:AUSCERTid:ESB-2021.4254

Trust: 0.6

db:AUSCERTid:ESB-2021.2485.2

Trust: 0.6

db:AUSCERTid:ESB-2021.1880

Trust: 0.6

db:AUSCERTid:ESB-2021.3905

Trust: 0.6

db:AUSCERTid:ESB-2021.1914

Trust: 0.6

db:AUSCERTid:ESB-2021.3789

Trust: 0.6

db:AUSCERTid:ESB-2022.0245

Trust: 0.6

db:AUSCERTid:ESB-2021.1959

Trust: 0.6

db:AUSCERTid:ESB-2021.4229

Trust: 0.6

db:CS-HELPid:SB2021072216

Trust: 0.6

db:CS-HELPid:SB2021061301

Trust: 0.6

db:CS-HELPid:SB2021060725

Trust: 0.6

db:PACKETSTORMid:163645

Trust: 0.6

db:VULHUBid:VHN-391910

Trust: 0.1

db:VULMONid:CVE-2020-36331

Trust: 0.1

db:PACKETSTORMid:169076

Trust: 0.1

db:PACKETSTORMid:165286

Trust: 0.1

db:PACKETSTORMid:165296

Trust: 0.1

db:PACKETSTORMid:165631

Trust: 0.1

db:PACKETSTORMid:164967

Trust: 0.1

sources: VULHUB: VHN-391910 // VULMON: CVE-2020-36331 // PACKETSTORM: 169076 // PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 165288 // PACKETSTORM: 165296 // PACKETSTORM: 164842 // PACKETSTORM: 165631 // PACKETSTORM: 164967 // CNNVD: CNNVD-202105-1382 // NVD: CVE-2020-36331

REFERENCES

url:https://security.netapp.com/advisory/ntap-20211112-0001/

Trust: 1.8

url:https://support.apple.com/kb/ht212601

Trust: 1.8

url:https://www.debian.org/security/2021/dsa-4930

Trust: 1.8

url:http://seclists.org/fulldisclosure/2021/jul/54

Trust: 1.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=1956856

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-25010

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-25014

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-25013

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-25009

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2018-25013

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-25012

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2018-25014

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2018-25012

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-36331

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-36330

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2020-36332

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2018-25009

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2018-25010

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-35522

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-35524

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-35521

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-17541

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3481

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-35523

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0245

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3977

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1959

Trust: 0.6

url:https://packetstormsecurity.com/files/165287/red-hat-security-advisory-2021-5127-05.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060725

Trust: 0.6

url:https://vigilance.fr/vulnerability/libwebp-five-vulnerabilities-35580

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2485.2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1965

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072216

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3789

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3905

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1914

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4229

Trust: 0.6

url:https://support.apple.com/en-us/ht212601

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1880

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061301

Trust: 0.6

url:https://packetstormsecurity.com/files/163645/apple-security-advisory-2021-07-21-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4254

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2102

Trust: 0.6

url:https://packetstormsecurity.com/files/164842/red-hat-security-advisory-2021-4231-04.html

Trust: 0.6

url:https://packetstormsecurity.com/files/165288/red-hat-security-advisory-2021-5129-06.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-36330

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-17541

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-36331

Trust: 0.4

url:https://access.redhat.com/security/vulnerabilities/rhsb-2021-009

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-44228

Trust: 0.4

url:https://issues.jboss.org/):

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-35524

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-35522

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-35523

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-21409

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-35521

Trust: 0.3

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-10001

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-10001

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-36332

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20317

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43267

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24504

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27777

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20239

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36158

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-35448

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3635

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20284

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36386

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-0427

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24586

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3348

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26140

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3487

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26146

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31440

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3732

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-0129

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24502

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3564

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-0427

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23133

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26144

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3679

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-36312

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29368

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24588

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-29646

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-29155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3489

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29660

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26139

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28971

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14615

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26143

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3600

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26145

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33200

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-29650

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33033

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20194

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26147

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31916

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24503

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14615

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24502

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31829

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3573

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20197

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26141

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28950

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24587

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24503

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3659

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2023-1740.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36328

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36329

Trust: 0.1

url:https://security-tracker.debian.org/tracker/libwebp

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25011

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5128

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5127

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5129

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5137

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4231

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1870

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3575

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30758

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15389

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30665

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30689

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30682

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

url:https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-18032

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1801

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1765

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4658

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20847

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27918

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30795

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-5785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30744

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21775

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21806

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27814

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36241

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20321

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27842

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21779

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3948

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27828

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12973

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1871

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29338

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30734

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26926

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28650

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24870

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-1789

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30663

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30799

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3272

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15389

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27824

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33194

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4627

Trust: 0.1

sources: VULHUB: VHN-391910 // VULMON: CVE-2020-36331 // PACKETSTORM: 169076 // PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 165288 // PACKETSTORM: 165296 // PACKETSTORM: 164842 // PACKETSTORM: 165631 // PACKETSTORM: 164967 // CNNVD: CNNVD-202105-1382 // NVD: CVE-2020-36331

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 165286 // PACKETSTORM: 165287 // PACKETSTORM: 165288 // PACKETSTORM: 165296 // PACKETSTORM: 164842 // PACKETSTORM: 165631 // PACKETSTORM: 164967

SOURCES

db:VULHUBid:VHN-391910
db:VULMONid:CVE-2020-36331
db:PACKETSTORMid:169076
db:PACKETSTORMid:165286
db:PACKETSTORMid:165287
db:PACKETSTORMid:165288
db:PACKETSTORMid:165296
db:PACKETSTORMid:164842
db:PACKETSTORMid:165631
db:PACKETSTORMid:164967
db:CNNVDid:CNNVD-202105-1382
db:NVDid:CVE-2020-36331

LAST UPDATE DATE

2026-07-10T21:43:52.768000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-391910date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-36331date:2023-01-09T00:00:00
db:CNNVDid:CNNVD-202105-1382date:2022-12-09T00:00:00
db:NVDid:CVE-2020-36331date:2026-06-17T03:15:19.610

SOURCES RELEASE DATE

db:VULHUBid:VHN-391910date:2021-05-21T00:00:00
db:VULMONid:CVE-2020-36331date:2021-05-21T00:00:00
db:PACKETSTORMid:169076date:2021-06-28T19:12:00
db:PACKETSTORMid:165286date:2021-12-15T15:20:33
db:PACKETSTORMid:165287date:2021-12-15T15:20:43
db:PACKETSTORMid:165288date:2021-12-15T15:22:36
db:PACKETSTORMid:165296date:2021-12-15T15:27:05
db:PACKETSTORMid:164842date:2021-11-10T17:05:32
db:PACKETSTORMid:165631date:2022-01-20T17:48:29
db:PACKETSTORMid:164967date:2021-11-15T17:25:56
db:CNNVDid:CNNVD-202105-1382date:2021-05-21T00:00:00
db:NVDid:CVE-2020-36331date:2021-05-21T17:15:08.397