var-202006-1636
Vulnerability from variot
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. A cross-site scripting vulnerability exists in the WebKit component of several Apple products. An attacker can exploit this vulnerability by using a specially crafted URL to execute scripts in the user's browser. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update Advisory ID: RHSA-2020:5605-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2020:5605 Issue date: 2020-12-17 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-1551 CVE-2019-5018 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11068 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-16168 CVE-2019-16935 CVE-2019-18197 CVE-2019-18609 CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20807 CVE-2019-20907 CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7720 CVE-2020-8177 CVE-2020-8237 CVE-2020-8492 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-11793 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15503 CVE-2020-15586 CVE-2020-16845 CVE-2020-25660 =====================================================================
- Summary:
Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.
These updated images include numerous security fixes, bug fixes, and enhancements.
Security Fix(es):
-
nodejs-node-forge: prototype pollution via the util.setPath function (CVE-2020-7720)
-
nodejs-json-bigint: Prototype pollution via
__proto__
assignment could result in DoS (CVE-2020-8237) -
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
-
golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s torage/4.6/html/4.6_release_notes/index
All Red Hat OpenShift Container Storage users are advised to upgrade to these updated images.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume
1813506 - Dockerfile not compatible with docker and buildah
1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup
1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement
1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance
1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https)
1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node.
1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default
1842254 - [NooBaa] Compression stats do not add up when compression id disabled
1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster
1849771 - [RFE] Account created by OBC should have same permissions as bucket owner
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot
1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume
1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount
1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params)
1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14)
1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage
1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards
1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found
1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining
1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script
1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases.
1865938 - CSIDrivers missing in OCS 4.6
1867024 - [ocs-operator] operator v4.6.0-519.ci is in Installing state
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1868060 - [External Cluster] Noobaa-default-backingstore PV in released state upon OCS 4.5 uninstall (Secret not found)
1868703 - [rbd] After volume expansion, the new size is not reflected on the pod
1869411 - capture full crash information from ceph
1870061 - [RHEL][IBM] OCS un-install should make the devices raw
1870338 - OCS 4.6 must-gather : ocs-must-gather-xxx-helper pod in ContainerCreationError (couldn't find key admin-secret)
1870631 - OCS 4.6 Deployment : RGW pods went into 'CrashLoopBackOff' state on Z Platform
1872119 - Updates don't work on StorageClass which will keep PV expansion disabled for upgraded cluster
1872696 - [ROKS][RFE]NooBaa Configure IBM COS as default backing store
1873864 - Noobaa: On an baremetal RHCOS cluster, some backingstores are stuck in PROGRESSING state with INVALID_ENDPOINT TemporaryError
1874606 - CVE-2020-7720 nodejs-node-forge: prototype pollution via the util.setPath function
1875476 - Change noobaa logo in the noobaa UI
1877339 - Incorrect use of logr
1877371 - NooBaa UI warning message on Deploy Kubernetes Pool process - typo and shown number is incorrect
1878153 - OCS 4.6 must-gather: collect node information under cluster_scoped_resources/oc_output directory
1878714 - [FIPS enabled] BadDigest error on file upload to noobaa bucket
1878853 - [External Mode] ceph-external-cluster-details-exporter.py does not tolerate TLS enabled RGW
1879008 - ocs-osd-removal job fails because it can't find admin-secret in rook-ceph-mon secret
1879072 - Deployment with encryption at rest is failing to bring up OSD pods
1879919 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed
1880255 - Collect rbd info and subvolume info and snapshot info command output
1881028 - CVE-2020-8237 nodejs-json-bigint: Prototype pollution via __proto__
assignment could result in DoS
1881071 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed
1882397 - MCG decompression problem with snappy on s390x arch
1883253 - CSV doesn't contain values required for UI to enable minimal deployment and cluster encryption
1883398 - Update csi sidecar containers in rook
1883767 - Using placement strategies in cluster-service.yaml causes ocs-operator to crash
1883810 - [External mode] RGW metrics is not available after OCS upgrade from 4.5 to 4.6
1883927 - Deployment with encryption at rest is failing to bring up OSD pods
1885175 - Handle disappeared underlying device for encrypted OSD
1885428 - panic seen in rook-ceph during uninstall - "close of closed channel"
1885648 - [Tracker for https://bugzilla.redhat.com/show_bug.cgi?id=1885700] FSTYPE for localvolumeset devices shows up as ext2 after uninstall
1885971 - ocs-storagecluster-cephobjectstore doesn't report true state of RGW
1886308 - Default VolumeSnapshot Classes not created in External Mode
1886348 - osd removal job failed with status "Error"
1886551 - Clone creation failed after timeout of 5 hours of Azure platrom for 3 CephFS PVCs ( PVC sizes: 1, 25 and 100 GB)
1886709 - [External] RGW storageclass disappears after upgrade from OCS 4.5 to 4.6
1886859 - OCS 4.6: Uninstall stuck indefinitely if any Ceph pods are in Pending state before uninstall
1886873 - [OCS 4.6 External/Internal Uninstall] - Storage Cluster deletion stuck indefinitely, "failed to delete object store", remaining users: [noobaa-ceph-objectstore-user]
1888583 - [External] When deployment is attempted without specifying the monitoring-endpoint while generating JSON, the CSV is stuck in installing state
1888593 - [External] Add validation for monitoring-endpoint and port in the exporter script
1888614 - [External] Unreachable monitoring-endpoint used during deployment causes ocs-operator to crash
1889441 - Traceback error message while running OCS 4.6 must-gather
1889683 - [GSS] Noobaa Problem when setting public access to a bucket
1889866 - Post node power off/on, an unused MON PVC still stays back in the cluster
1890183 - [External] ocs-operator logs are filled with "failed to reconcile metrics exporter"
1890638 - must-gather helper pod should be deleted after collecting ceph crash info
1890971 - [External] RGW metrics are not available if anything else except 9283 is provided as the monitoring-endpoint-port
1891856 - ocs-metrics-exporter pod should have tolerations for OCS taint
1892206 - [GSS] Ceph image/version mismatch
1892234 - clone #95 creation failed for CephFS PVC ( 10 GB PVC size) during multiple clones creation test
1893624 - Must Gather is not collecting the tar file from NooBaa diagnose
1893691 - OCS4.6 must_gather failes to complete in 600sec
1893714 - Bad response for upload an object with encryption
1895402 - Mon pods didn't get upgraded in 720 second timeout from OCS 4.5 upgrade to 4.6
1896298 - [RFE] Monitoring for Namespace buckets and resources
1896831 - Clone#452 for RBD PVC ( PVC size 1 GB) failed to be created for 600 secs
1898521 - [CephFS] Deleting cephfsplugin pod along with app pods will make PV remain in Released state after deleting the PVC
1902627 - must-gather should wait for debug pods to be in ready state
1904171 - RGW Service is unavailable for a short period during upgrade to OCS 4.6
- References:
https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-1551 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18609 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7720 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8237 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15586 https://access.redhat.com/security/cve/CVE-2020-16845 https://access.redhat.com/security/cve/CVE-2020-25660 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX9yeRtzjgjWX9erEAQhKqg//WVp+fmCNgDoozXxpMDkvwSjyEP8wbySG 6wxQcsechzpRP9/+1f6bmq61lsOcZG6RXLEXawJT7Enhu42xsJ10UEsZbvQDqxVA KXAGqNQus9PYN9pjUwdjcWUazqjwjtJ9E7D1cReoph7rc3+OghIqC/lwv29VSy+X sM42m+FpEvdzSYtYCwuh8Nj7HdIZKT8Oo1fMFHik7TgYnJm3GXLPagHbqnLXq0Kj qww4ChW4+pFpfxgBgXWCJYZVRAK0Cb/LjjylK/dG0cdCBECoC2olqH6KLbADdyIv g1t9YqzcqcL/A3ZJd5icmt7OUhcHE+S3QOE53KCf8ew2IVT8rMgY1sZBU+TH3wVx Vz8AHfWB25yvfermFRzOY9WcVGQuDiWK19NYBxtIrE5HniAJ6rszhz5HWEOOT1Qm a6fc0CRkAz2dtkxF06TFFTBKWzXJeICtnqGlBmzbgRMf9hV3UZVJj28p/5SHzpJ7 MF2EfwEk2FtM6AWba7nXFaD61bTswBtJZAdoOVDnqkrK0Hmrw1kXUz+2DYRtEU0c 7kfeqJ91cKj/9DBhxN6n4rJob+wxkp1Ew8gShbqBdlLHmN9lO0b/bNmXexKwzlxJ +KmOX/5IcXfDY3bOjbkvSNdWlDxJl/hKyJNP1uHCZVgNP+oekELOit+xwr2oj/BJ c2GmqBqesbg= =MfHM -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:
Download the release images via:
quay.io/redhat/quay:v3.3.3 quay.io/redhat/clair-jwt:v3.3.3 quay.io/redhat/quay-builder:v3.3.3 quay.io/redhat/clair:v3.3.3
- Bugs fixed (https://bugzilla.redhat.com/):
1905758 - CVE-2020-27831 quay: email notifications authorization bypass 1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display
- JIRA issues fixed (https://issues.jboss.org/):
PROJQUAY-1124 - NVD feed is broken for latest Clair v2 version
-
Gentoo Linux Security Advisory GLSA 202007-11
https://security.gentoo.org/
Severity: Normal Title: WebKitGTK+: Multiple vulnerabilities Date: July 26, 2020 Bugs: #732104 ID: 202007-11
Synopsis
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.28.3 >= 2.28.3
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.28.3"
References
[ 1 ] CVE-2020-13753 https://nvd.nist.gov/vuln/detail/CVE-2020-13753 [ 2 ] CVE-2020-9802 https://nvd.nist.gov/vuln/detail/CVE-2020-9802 [ 3 ] CVE-2020-9803 https://nvd.nist.gov/vuln/detail/CVE-2020-9803 [ 4 ] CVE-2020-9805 https://nvd.nist.gov/vuln/detail/CVE-2020-9805 [ 5 ] CVE-2020-9806 https://nvd.nist.gov/vuln/detail/CVE-2020-9806 [ 6 ] CVE-2020-9807 https://nvd.nist.gov/vuln/detail/CVE-2020-9807 [ 7 ] CVE-2020-9843 https://nvd.nist.gov/vuln/detail/CVE-2020-9843 [ 8 ] CVE-2020-9850 https://nvd.nist.gov/vuln/detail/CVE-2020-9850
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202007-11
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-05-26-10 iCloud for Windows 7.19
iCloud for Windows 7.19 is now available and addresses the following:
ImageIO Available for: Windows 7 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9789: Wenchao Li of VARAS@IIE CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
ImageIO Available for: Windows 7 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3878: Samuel Groß of Google Project Zero
SQLite Available for: Windows 7 and later Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9805: an anonymous researcher
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-9806: Wen Xu of SSLab at Georgia Tech CVE-2020-9807: Wen Xu of SSLab at Georgia Tech
WebKit Available for: Windows 7 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A logic issue was addressed with improved restrictions. CVE-2020-9843: Ryan Pickren (ryanpickren.com)
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2020-9803: Wen Xu of SSLab at Georgia Tech
Additional recognition
ImageIO We would like to acknowledge Lei Sun for their assistance.
WebKit We would like to acknowledge Aidan Dunlap of UT Austin for their assistance.
The compliance-operator image updates are now available for OpenShift Container Platform 4.6.
This advisory provides the following updates among others:
- Enhances profile parsing time.
- Fixes excessive resource consumption from the Operator.
- Fixes default content image.
- Fixes outdated remediation handling. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918990 - ComplianceSuite scans use quay content image for initContainer 1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present 1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules 1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Bugs fixed (https://bugzilla.redhat.com/):
1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state
CVE-2020-9850
@jinmo123, @setuid0x0_, and @insu_yun_en discovered that a remote
attacker may be able to cause arbitrary code execution.
CVE-2020-13753
Milan Crha discovered that an attacker may be able to execute
commands outside the bubblewrap sandbox.
For the stable distribution (buster), these problems have been fixed in version 2.28.3-2~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8PaKUACgkQEMKTtsN8 Tjaf3hAAjZCKrikC4P1I/xiuL6kRepTjURi3zeZl3YywPCFLi/irWXX+5U+ejZoM kek3wtdJc1thN8w9BbXhOVyLferb/xfnt5jUVtZ6JBNDKKWGXoTY0Qfdu2lH0vw5 IV1lf5bvOdawrw/tVS9Uy3dTN1kXEBZ3q3XCpRXrBWEkrXtWG/yznGy0duebnI5h PM7D6R4PIKiCB3HBe9rszCIQrYcGQ/U3x8a/FPnPUO2TCRfVZG918M9yO1fN1v2R +08h0DcOU8ggIJQwJA9hm/V3mJWpTayHh/ouTI8PrIcwG0T2/qbtUm/9cj0wvmXW Id+RgXtQAyKeXQoXD5oP9jzVDgmm7rn03Rn2FX5hzAdTJAqdvT/Mr4IDNcOgdS8O wXmGprdRvMzx0gXO5YpeTuhjQiCZS1fB9ByIOMq/7lIjpiBctrhTZQvlSMMyauIQ P7tTTT8zCZo0DIQc/c2KyCXlD9/ORZm801U5wpXwPXT9Zq8wRAp5PodK/4plOzKc JyJiPI6BR41+31C438nl3wifO/wLh8+6nHAb2rkRQSe6Tu9SKyqOmYT9Ev6JZi/1 R8NMBFSmTYM/XUv5ECsTeL3uLvDnCpKAR0EnWz5z1Cqy2AYzEthEf+1dwXAooYvO 2johOWMaUrSWJMsYdZjTFEahaCSO5oPTDlbZCB2yIgpc6P70irU= =L5lA -----END PGP SIGNATURE----- . Description:
Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1636", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "watchos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "6.2.5" }, { "model": "icloud", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "11.2" }, { "model": "itunes", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.10.7" }, { "model": "ipados", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.5" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.5" }, { "model": "safari", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.1.1" }, { "model": "tvos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.4.5" }, { "model": "icloud", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "11.0" }, { "model": "icloud", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "7.19" }, { "model": "tvos", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "13.4.5 \u672a\u6e80 (apple tv 4k)" }, { "model": "ipados", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "13.5 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)" }, { "model": "itunes", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "for windows 12.10.7 \u672a\u6e80 (windows 7 \u4ee5\u964d)" }, { "model": "watchos", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "6.2.5 \u672a\u6e80 (apple watch series 1 \u4ee5\u964d )" }, { "model": "ipados", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "13.5 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "13.5 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)" }, { "model": "icloud", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "for windows 7.19 \u672a\u6e80 (windows 7 \u4ee5\u964d)" }, { "model": "icloud", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "for windows 11.2 \u672a\u6e80 (windows 10 \u4ee5\u964d)" }, { "model": "tvos", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "13.4.5 \u672a\u6e80 (apple tv hd)" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "13.5 \u672a\u6e80 (iphone 6s \u4ee5\u964d)" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006158" }, { "db": "NVD", "id": "CVE-2020-9843" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "7.19", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "11.2", "versionStartIncluding": "11.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "12.10.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.2.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.5", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9843" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gentoo", "sources": [ { "db": "PACKETSTORM", "id": "158572" }, { "db": "CNNVD", "id": "CNNVD-202005-1255" } ], "trust": 0.7 }, "cve": "CVE-2020-9843", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-006158", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-187968", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2020-9843", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 3.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2020-006158", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-9843", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-006158", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202005-1255", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-187968", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-9843", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-187968" }, { "db": "VULMON", "id": "CVE-2020-9843" }, { "db": "JVNDB", "id": "JVNDB-2020-006158" }, { "db": "CNNVD", "id": "CNNVD-202005-1255" }, { "db": "NVD", "id": "CVE-2020-9843" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. A cross-site scripting vulnerability exists in the WebKit component of several Apple products. An attacker can exploit this vulnerability by using a specially crafted URL to execute scripts in the user\u0027s browser. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update\nAdvisory ID: RHSA-2020:5605-01\nProduct: Red Hat OpenShift Container Storage\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5605\nIssue date: 2020-12-17\nCVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 \n CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 \n CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 \n CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 \n CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 \n CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 \n CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 \n CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 \n CVE-2019-1551 CVE-2019-5018 CVE-2019-8625 \n CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n CVE-2019-8846 CVE-2019-11068 CVE-2019-13050 \n CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 \n CVE-2019-15166 CVE-2019-15903 CVE-2019-16168 \n CVE-2019-16935 CVE-2019-18197 CVE-2019-18609 \n CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 \n CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 \n CVE-2019-20454 CVE-2019-20807 CVE-2019-20907 \n CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 \n CVE-2020-1752 CVE-2020-3862 CVE-2020-3864 \n CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 \n CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 \n CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 \n CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 \n CVE-2020-7595 CVE-2020-7720 CVE-2020-8177 \n CVE-2020-8237 CVE-2020-8492 CVE-2020-9327 \n CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 \n CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 \n CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 \n CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 \n CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 \n CVE-2020-11793 CVE-2020-13630 CVE-2020-13631 \n CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 \n CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 \n CVE-2020-15503 CVE-2020-15586 CVE-2020-16845 \n CVE-2020-25660 \n=====================================================================\n\n1. Summary:\n\nUpdated images are now available for Red Hat OpenShift Container Storage\n4.6.0 on Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. Red Hat\nOpenShift Container Storage is a highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provisions a multicloud data management service\nwith an S3 compatible API. \n\nThese updated images include numerous security fixes, bug fixes, and\nenhancements. \n\nSecurity Fix(es):\n\n* nodejs-node-forge: prototype pollution via the util.setPath function\n(CVE-2020-7720)\n\n* nodejs-json-bigint: Prototype pollution via `__proto__` assignment could\nresult in DoS (CVE-2020-8237)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can\nlead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes\nfrom invalid inputs (CVE-2020-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nUsers are directed to the Red Hat OpenShift Container Storage Release Notes\nfor information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_container_s\ntorage/4.6/html/4.6_release_notes/index\n\nAll Red Hat OpenShift Container Storage users are advised to upgrade to\nthese updated images. \n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume\n1813506 - Dockerfile not compatible with docker and buildah\n1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup\n1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement\n1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance\n1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https)\n1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. \n1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default\n1842254 - [NooBaa] Compression stats do not add up when compression id disabled\n1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster\n1849771 - [RFE] Account created by OBC should have same permissions as bucket owner\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot\n1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume\n1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount\n1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params)\n1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips \"b\" and \"c\" (spawned from Bug 1840084#c14)\n1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage\n1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards\n1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found\n1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining\n1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script\n1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases. \n1865938 - CSIDrivers missing in OCS 4.6\n1867024 - [ocs-operator] operator v4.6.0-519.ci is in Installing state\n1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs\n1868060 - [External Cluster] Noobaa-default-backingstore PV in released state upon OCS 4.5 uninstall (Secret not found)\n1868703 - [rbd] After volume expansion, the new size is not reflected on the pod\n1869411 - capture full crash information from ceph\n1870061 - [RHEL][IBM] OCS un-install should make the devices raw\n1870338 - OCS 4.6 must-gather : ocs-must-gather-xxx-helper pod in ContainerCreationError (couldn\u0027t find key admin-secret)\n1870631 - OCS 4.6 Deployment : RGW pods went into \u0027CrashLoopBackOff\u0027 state on Z Platform\n1872119 - Updates don\u0027t work on StorageClass which will keep PV expansion disabled for upgraded cluster\n1872696 - [ROKS][RFE]NooBaa Configure IBM COS as default backing store\n1873864 - Noobaa: On an baremetal RHCOS cluster, some backingstores are stuck in PROGRESSING state with INVALID_ENDPOINT TemporaryError\n1874606 - CVE-2020-7720 nodejs-node-forge: prototype pollution via the util.setPath function\n1875476 - Change noobaa logo in the noobaa UI\n1877339 - Incorrect use of logr\n1877371 - NooBaa UI warning message on Deploy Kubernetes Pool process - typo and shown number is incorrect\n1878153 - OCS 4.6 must-gather: collect node information under cluster_scoped_resources/oc_output directory\n1878714 - [FIPS enabled] BadDigest error on file upload to noobaa bucket\n1878853 - [External Mode] ceph-external-cluster-details-exporter.py does not tolerate TLS enabled RGW\n1879008 - ocs-osd-removal job fails because it can\u0027t find admin-secret in rook-ceph-mon secret\n1879072 - Deployment with encryption at rest is failing to bring up OSD pods\n1879919 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed\n1880255 - Collect rbd info and subvolume info and snapshot info command output\n1881028 - CVE-2020-8237 nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS\n1881071 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed\n1882397 - MCG decompression problem with snappy on s390x arch\n1883253 - CSV doesn\u0027t contain values required for UI to enable minimal deployment and cluster encryption\n1883398 - Update csi sidecar containers in rook\n1883767 - Using placement strategies in cluster-service.yaml causes ocs-operator to crash\n1883810 - [External mode] RGW metrics is not available after OCS upgrade from 4.5 to 4.6\n1883927 - Deployment with encryption at rest is failing to bring up OSD pods\n1885175 - Handle disappeared underlying device for encrypted OSD\n1885428 - panic seen in rook-ceph during uninstall - \"close of closed channel\"\n1885648 - [Tracker for https://bugzilla.redhat.com/show_bug.cgi?id=1885700] FSTYPE for localvolumeset devices shows up as ext2 after uninstall\n1885971 - ocs-storagecluster-cephobjectstore doesn\u0027t report true state of RGW\n1886308 - Default VolumeSnapshot Classes not created in External Mode\n1886348 - osd removal job failed with status \"Error\"\n1886551 - Clone creation failed after timeout of 5 hours of Azure platrom for 3 CephFS PVCs ( PVC sizes: 1, 25 and 100 GB)\n1886709 - [External] RGW storageclass disappears after upgrade from OCS 4.5 to 4.6\n1886859 - OCS 4.6: Uninstall stuck indefinitely if any Ceph pods are in Pending state before uninstall\n1886873 - [OCS 4.6 External/Internal Uninstall] - Storage Cluster deletion stuck indefinitely, \"failed to delete object store\", remaining users: [noobaa-ceph-objectstore-user]\n1888583 - [External] When deployment is attempted without specifying the monitoring-endpoint while generating JSON, the CSV is stuck in installing state\n1888593 - [External] Add validation for monitoring-endpoint and port in the exporter script\n1888614 - [External] Unreachable monitoring-endpoint used during deployment causes ocs-operator to crash\n1889441 - Traceback error message while running OCS 4.6 must-gather\n1889683 - [GSS] Noobaa Problem when setting public access to a bucket\n1889866 - Post node power off/on, an unused MON PVC still stays back in the cluster\n1890183 - [External] ocs-operator logs are filled with \"failed to reconcile metrics exporter\"\n1890638 - must-gather helper pod should be deleted after collecting ceph crash info\n1890971 - [External] RGW metrics are not available if anything else except 9283 is provided as the monitoring-endpoint-port\n1891856 - ocs-metrics-exporter pod should have tolerations for OCS taint\n1892206 - [GSS] Ceph image/version mismatch\n1892234 - clone #95 creation failed for CephFS PVC ( 10 GB PVC size) during multiple clones creation test\n1893624 - Must Gather is not collecting the tar file from NooBaa diagnose\n1893691 - OCS4.6 must_gather failes to complete in 600sec\n1893714 - Bad response for upload an object with encryption\n1895402 - Mon pods didn\u0027t get upgraded in 720 second timeout from OCS 4.5 upgrade to 4.6\n1896298 - [RFE] Monitoring for Namespace buckets and resources\n1896831 - Clone#452 for RBD PVC ( PVC size 1 GB) failed to be created for 600 secs\n1898521 - [CephFS] Deleting cephfsplugin pod along with app pods will make PV remain in Released state after deleting the PVC\n1902627 - must-gather should wait for debug pods to be in ready state\n1904171 - RGW Service is unavailable for a short period during upgrade to OCS 4.6\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-10103\nhttps://access.redhat.com/security/cve/CVE-2018-10105\nhttps://access.redhat.com/security/cve/CVE-2018-14461\nhttps://access.redhat.com/security/cve/CVE-2018-14462\nhttps://access.redhat.com/security/cve/CVE-2018-14463\nhttps://access.redhat.com/security/cve/CVE-2018-14464\nhttps://access.redhat.com/security/cve/CVE-2018-14465\nhttps://access.redhat.com/security/cve/CVE-2018-14466\nhttps://access.redhat.com/security/cve/CVE-2018-14467\nhttps://access.redhat.com/security/cve/CVE-2018-14468\nhttps://access.redhat.com/security/cve/CVE-2018-14469\nhttps://access.redhat.com/security/cve/CVE-2018-14470\nhttps://access.redhat.com/security/cve/CVE-2018-14879\nhttps://access.redhat.com/security/cve/CVE-2018-14880\nhttps://access.redhat.com/security/cve/CVE-2018-14881\nhttps://access.redhat.com/security/cve/CVE-2018-14882\nhttps://access.redhat.com/security/cve/CVE-2018-16227\nhttps://access.redhat.com/security/cve/CVE-2018-16228\nhttps://access.redhat.com/security/cve/CVE-2018-16229\nhttps://access.redhat.com/security/cve/CVE-2018-16230\nhttps://access.redhat.com/security/cve/CVE-2018-16300\nhttps://access.redhat.com/security/cve/CVE-2018-16451\nhttps://access.redhat.com/security/cve/CVE-2018-16452\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2019-1551\nhttps://access.redhat.com/security/cve/CVE-2019-5018\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-11068\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15165\nhttps://access.redhat.com/security/cve/CVE-2019-15166\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-16168\nhttps://access.redhat.com/security/cve/CVE-2019-16935\nhttps://access.redhat.com/security/cve/CVE-2019-18197\nhttps://access.redhat.com/security/cve/CVE-2019-18609\nhttps://access.redhat.com/security/cve/CVE-2019-19221\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20218\nhttps://access.redhat.com/security/cve/CVE-2019-20387\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-20907\nhttps://access.redhat.com/security/cve/CVE-2019-20916\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-1751\nhttps://access.redhat.com/security/cve/CVE-2020-1752\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-6405\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/cve/CVE-2020-7720\nhttps://access.redhat.com/security/cve/CVE-2020-8177\nhttps://access.redhat.com/security/cve/CVE-2020-8237\nhttps://access.redhat.com/security/cve/CVE-2020-8492\nhttps://access.redhat.com/security/cve/CVE-2020-9327\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-10029\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-13630\nhttps://access.redhat.com/security/cve/CVE-2020-13631\nhttps://access.redhat.com/security/cve/CVE-2020-13632\nhttps://access.redhat.com/security/cve/CVE-2020-14019\nhttps://access.redhat.com/security/cve/CVE-2020-14040\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-14422\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-15586\nhttps://access.redhat.com/security/cve/CVE-2020-16845\nhttps://access.redhat.com/security/cve/CVE-2020-25660\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX9yeRtzjgjWX9erEAQhKqg//WVp+fmCNgDoozXxpMDkvwSjyEP8wbySG\n6wxQcsechzpRP9/+1f6bmq61lsOcZG6RXLEXawJT7Enhu42xsJ10UEsZbvQDqxVA\nKXAGqNQus9PYN9pjUwdjcWUazqjwjtJ9E7D1cReoph7rc3+OghIqC/lwv29VSy+X\nsM42m+FpEvdzSYtYCwuh8Nj7HdIZKT8Oo1fMFHik7TgYnJm3GXLPagHbqnLXq0Kj\nqww4ChW4+pFpfxgBgXWCJYZVRAK0Cb/LjjylK/dG0cdCBECoC2olqH6KLbADdyIv\ng1t9YqzcqcL/A3ZJd5icmt7OUhcHE+S3QOE53KCf8ew2IVT8rMgY1sZBU+TH3wVx\nVz8AHfWB25yvfermFRzOY9WcVGQuDiWK19NYBxtIrE5HniAJ6rszhz5HWEOOT1Qm\na6fc0CRkAz2dtkxF06TFFTBKWzXJeICtnqGlBmzbgRMf9hV3UZVJj28p/5SHzpJ7\nMF2EfwEk2FtM6AWba7nXFaD61bTswBtJZAdoOVDnqkrK0Hmrw1kXUz+2DYRtEU0c\n7kfeqJ91cKj/9DBhxN6n4rJob+wxkp1Ew8gShbqBdlLHmN9lO0b/bNmXexKwzlxJ\n+KmOX/5IcXfDY3bOjbkvSNdWlDxJl/hKyJNP1uHCZVgNP+oekELOit+xwr2oj/BJ\nc2GmqBqesbg=\n=MfHM\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nDownload the release images via:\n\nquay.io/redhat/quay:v3.3.3\nquay.io/redhat/clair-jwt:v3.3.3\nquay.io/redhat/quay-builder:v3.3.3\nquay.io/redhat/clair:v3.3.3\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1905758 - CVE-2020-27831 quay: email notifications authorization bypass\n1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nPROJQUAY-1124 - NVD feed is broken for latest Clair v2 version\n\n6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202007-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebKitGTK+: Multiple vulnerabilities\n Date: July 26, 2020\n Bugs: #732104\n ID: 202007-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebKitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.28.3 \u003e= 2.28.3\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.28.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-13753\n https://nvd.nist.gov/vuln/detail/CVE-2020-13753\n[ 2 ] CVE-2020-9802\n https://nvd.nist.gov/vuln/detail/CVE-2020-9802\n[ 3 ] CVE-2020-9803\n https://nvd.nist.gov/vuln/detail/CVE-2020-9803\n[ 4 ] CVE-2020-9805\n https://nvd.nist.gov/vuln/detail/CVE-2020-9805\n[ 5 ] CVE-2020-9806\n https://nvd.nist.gov/vuln/detail/CVE-2020-9806\n[ 6 ] CVE-2020-9807\n https://nvd.nist.gov/vuln/detail/CVE-2020-9807\n[ 7 ] CVE-2020-9843\n https://nvd.nist.gov/vuln/detail/CVE-2020-9843\n[ 8 ] CVE-2020-9850\n https://nvd.nist.gov/vuln/detail/CVE-2020-9850\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202007-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-05-26-10 iCloud for Windows 7.19\n\niCloud for Windows 7.19 is now available and addresses the following:\n\nImageIO\nAvailable for: Windows 7 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9789: Wenchao Li of VARAS@IIE\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nImageIO\nAvailable for: Windows 7 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\nSQLite\nAvailable for: Windows 7 and later\nImpact: A malicious application may cause a denial of service or\npotentially disclose memory contents\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9805: an anonymous researcher\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\nAdditional recognition\n\nImageIO\nWe would like to acknowledge Lei Sun for their assistance. \n\nWebKit\nWe would like to acknowledge Aidan Dunlap of UT Austin for their\nassistance. \n\nThe compliance-operator image updates are now available for OpenShift\nContainer Platform 4.6. \n\nThis advisory provides the following updates among others:\n\n* Enhances profile parsing time. \n* Fixes excessive resource consumption from the Operator. \n* Fixes default content image. \n* Fixes outdated remediation handling. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918990 - ComplianceSuite scans use quay content image for initContainer\n1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present\n1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules\n1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. Bugs fixed (https://bugzilla.redhat.com/):\n\n1823765 - nfd-workers crash under an ipv6 environment\n1838802 - mysql8 connector from operatorhub does not work with metering operator\n1838845 - Metering operator can\u0027t connect to postgres DB from Operator Hub\n1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1868294 - NFD operator does not allow customisation of nfd-worker.conf\n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n1890672 - NFD is missing a build flag to build correctly\n1890741 - path to the CA trust bundle ConfigMap is broken in report operator\n1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster\n1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel\n1900125 - FIPS error while generating RSA private key for CA\n1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub\n1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub\n1913837 - The CI and ART 4.7 metering images are not mirrored\n1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le\n1916010 - olm skip range is set to the wrong range\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923998 - NFD Operator is failing to update and remains in Replacing state\n\n5. \n\nCVE-2020-9850\n\n @jinmo123, @setuid0x0_, and @insu_yun_en discovered that a remote\n attacker may be able to cause arbitrary code execution. \n\nCVE-2020-13753\n\n Milan Crha discovered that an attacker may be able to execute\n commands outside the bubblewrap sandbox. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.28.3-2~deb10u1. \n\nWe recommend that you upgrade your webkit2gtk packages. \n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8PaKUACgkQEMKTtsN8\nTjaf3hAAjZCKrikC4P1I/xiuL6kRepTjURi3zeZl3YywPCFLi/irWXX+5U+ejZoM\nkek3wtdJc1thN8w9BbXhOVyLferb/xfnt5jUVtZ6JBNDKKWGXoTY0Qfdu2lH0vw5\nIV1lf5bvOdawrw/tVS9Uy3dTN1kXEBZ3q3XCpRXrBWEkrXtWG/yznGy0duebnI5h\nPM7D6R4PIKiCB3HBe9rszCIQrYcGQ/U3x8a/FPnPUO2TCRfVZG918M9yO1fN1v2R\n+08h0DcOU8ggIJQwJA9hm/V3mJWpTayHh/ouTI8PrIcwG0T2/qbtUm/9cj0wvmXW\nId+RgXtQAyKeXQoXD5oP9jzVDgmm7rn03Rn2FX5hzAdTJAqdvT/Mr4IDNcOgdS8O\nwXmGprdRvMzx0gXO5YpeTuhjQiCZS1fB9ByIOMq/7lIjpiBctrhTZQvlSMMyauIQ\nP7tTTT8zCZo0DIQc/c2KyCXlD9/ORZm801U5wpXwPXT9Zq8wRAp5PodK/4plOzKc\nJyJiPI6BR41+31C438nl3wifO/wLh8+6nHAb2rkRQSe6Tu9SKyqOmYT9Ev6JZi/1\nR8NMBFSmTYM/XUv5ECsTeL3uLvDnCpKAR0EnWz5z1Cqy2AYzEthEf+1dwXAooYvO\n2johOWMaUrSWJMsYdZjTFEahaCSO5oPTDlbZCB2yIgpc6P70irU=\n=L5lA\n-----END PGP SIGNATURE-----\n. Description:\n\nService Telemetry Framework (STF) provides automated collection of\nmeasurements and data from remote clients, such as Red Hat OpenStack\nPlatform or third-party nodes. \nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-9843" }, { "db": "JVNDB", "id": "JVNDB-2020-006158" }, { "db": "VULHUB", "id": "VHN-187968" }, { "db": "VULMON", "id": "CVE-2020-9843" }, { "db": "PACKETSTORM", "id": "160624" }, { "db": "PACKETSTORM", "id": "160889" }, { "db": "PACKETSTORM", "id": "158572" }, { "db": "PACKETSTORM", "id": "157881" }, { "db": "PACKETSTORM", "id": "161429" }, { "db": "PACKETSTORM", "id": "161536" }, { "db": "PACKETSTORM", "id": "168878" }, { "db": "PACKETSTORM", "id": "168011" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-9843", "trust": 3.4 }, { "db": "PACKETSTORM", "id": "158572", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98042162", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-006158", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202005-1255", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157881", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.4513", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2403", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2509", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2419", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1025", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0864", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0584", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2610", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0099", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1870", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0234", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3893", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0691", "trust": 0.6 }, { "db": "NSFOCUS", "id": "49304", "trust": 0.6 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2020/07/10/1", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-43687", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-187968", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-9843", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160624", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "160889", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161429", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161536", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168878", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168011", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-187968" }, { "db": "VULMON", "id": "CVE-2020-9843" }, { "db": "JVNDB", "id": "JVNDB-2020-006158" }, { "db": "PACKETSTORM", "id": "160624" }, { "db": "PACKETSTORM", "id": "160889" }, { "db": "PACKETSTORM", "id": "158572" }, { "db": "PACKETSTORM", "id": "157881" }, { "db": "PACKETSTORM", "id": "161429" }, { "db": "PACKETSTORM", "id": "161536" }, { "db": "PACKETSTORM", "id": "168878" }, { "db": "PACKETSTORM", "id": "168011" }, { "db": "CNNVD", "id": "CNNVD-202005-1255" }, { "db": "NVD", "id": "CVE-2020-9843" } ] }, "id": "VAR-202006-1636", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-187968" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:17:58.689000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT211179", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211179" }, { "title": "HT211181", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211181" }, { "title": "HT211168", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211168" }, { "title": "HT211171", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211171" }, { "title": "HT211175", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211175" }, { "title": "HT211177", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211177" }, { "title": "HT211178", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211178" }, { "title": "HT211181", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211181" }, { "title": "HT211168", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211168" }, { "title": "HT211171", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211171" }, { "title": "HT211175", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211175" }, { "title": "HT211177", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211177" }, { "title": "HT211178", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211178" }, { "title": "HT211179", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211179" }, { "title": "Multiple Apple product WebKit Fixes for component cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121120" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2020/05/28/apple_may_updates/" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-9843 log" }, { "title": "Debian Security Advisories: DSA-4724-1 webkit2gtk -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=dea2e0f2e732c4316e7997209f1f239a" }, { "title": "Red Hat: Moderate: GNOME security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204451 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210050 - security advisory" }, { "title": "Red Hat: Important: Service Telemetry Framework 1.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225924 - security advisory" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210436 - security advisory" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210190 - security advisory" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220056 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205605 - security advisory" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-9843" }, { "db": "JVNDB", "id": "JVNDB-2020-006158" }, { "db": "CNNVD", "id": "CNNVD-202005-1255" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-187968" }, { "db": "JVNDB", "id": "JVNDB-2020-006158" }, { "db": "NVD", "id": "CVE-2020-9843" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://support.apple.com/ht211168" }, { "trust": 1.8, "url": "https://support.apple.com/ht211171" }, { "trust": 1.8, "url": "https://support.apple.com/ht211175" }, { "trust": 1.8, "url": "https://support.apple.com/ht211177" }, { "trust": 1.8, "url": "https://support.apple.com/ht211178" }, { "trust": 1.8, "url": "https://support.apple.com/ht211179" }, { "trust": 1.8, "url": "https://support.apple.com/ht211181" }, { "trust": 1.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9843" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9843" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98042162/index.html" }, { "trust": 0.7, "url": "https://www.debian.org/security/2020/dsa-4724" }, { "trust": 0.7, "url": "https://security.gentoo.org/glsa/202007-11" }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ger2atkzxdhm7ffyjh67zpnzzx5vouvm/" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/4422-1/" }, { "trust": 0.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html" }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jdbxq2xa6x4dp4ytpxbomkslwued2kar/" }, { "trust": 0.6, "url": "http://www.openwall.com/lists/oss-security/2020/07/10/1" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1025" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1870/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/49304" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0864" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht211179" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht211178" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-32802" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2403/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0691" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2610/" }, { "trust": 0.6, "url": "https://support.apple.com/kb/ht211178" }, { "trust": 0.6, "url": "https://support.apple.com/kb/ht211177" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2419/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4513/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0099/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0234/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0584" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158572/gentoo-linux-security-advisory-202007-11.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2509/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157881/apple-security-advisory-2020-05-26-10.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3893/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-13050" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9925" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9802" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9895" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8625" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8812" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3899" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8819" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3867" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8720" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9893" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8808" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3902" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3900" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9805" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8820" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9807" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8769" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8710" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8813" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9850" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8811" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9803" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9862" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3885" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-15503" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10018" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8835" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8764" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8844" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3865" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-1730" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3864" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-14391" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3862" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3901" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8823" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3895" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-11793" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9894" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8816" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9843" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-13627" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8771" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3897" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9806" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8814" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-14889" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8743" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-9915" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8815" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8783" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-20807" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8766" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8846" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3868" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-3894" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-8782" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20907" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20218" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20388" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-15165" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14382" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-19221" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1751" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-7595" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-16168" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-9327" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-16935" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20916" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-5018" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-19956" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14422" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-19906" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-20387" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-1752" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-15903" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-8492" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2018-20843" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-6405" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-13632" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10029" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-13630" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-13631" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1971" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-24659" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9807" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9806" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9805" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9803" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9802" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9850" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-18197" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8177" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-1551" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14040" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-11068" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13753" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://security.archlinux.org/cve-2020-9843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16300" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10105" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15166" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16230" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18609" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16229" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14882" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16227" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14461" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14464" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14880" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5605" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25660" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14468" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14467" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14462" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14881" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16451" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10103" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16228" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14463" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14879" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14019" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14470" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885700]" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14465" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16452" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8237" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0050" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27831" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27832" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9800" }, { "trust": 0.1, "url": "https://support.apple.com/ht204283" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9789" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3878" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9794" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9790" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1551" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20386" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28362" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0436" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhea-2020:5633" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8624" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13225" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8566" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25211" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5635" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15157" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15999" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17546" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3884" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3884" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8622" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13225" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3121" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8619" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-3898" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/webkit2gtk" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30761" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33938" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9952" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24407" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1271" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36222" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22946" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000858" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3518" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33930" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3541" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33929" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3520" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22947" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3521" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3537" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30666" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3517" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33928" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30631" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3516" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:5924" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25032" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0778" } ], "sources": [ { "db": "VULHUB", "id": "VHN-187968" }, { "db": "VULMON", "id": "CVE-2020-9843" }, { "db": "JVNDB", "id": "JVNDB-2020-006158" }, { "db": "PACKETSTORM", "id": "160624" }, { "db": "PACKETSTORM", "id": "160889" }, { "db": "PACKETSTORM", "id": "158572" }, { "db": "PACKETSTORM", "id": "157881" }, { "db": "PACKETSTORM", "id": "161429" }, { "db": "PACKETSTORM", "id": "161536" }, { "db": "PACKETSTORM", "id": "168878" }, { "db": "PACKETSTORM", "id": "168011" }, { "db": "CNNVD", "id": "CNNVD-202005-1255" }, { "db": "NVD", "id": "CVE-2020-9843" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-187968" }, { "db": "VULMON", "id": "CVE-2020-9843" }, { "db": "JVNDB", "id": "JVNDB-2020-006158" }, { "db": "PACKETSTORM", "id": "160624" }, { "db": "PACKETSTORM", "id": "160889" }, { "db": "PACKETSTORM", "id": "158572" }, { "db": "PACKETSTORM", "id": "157881" }, { "db": "PACKETSTORM", "id": "161429" }, { "db": "PACKETSTORM", "id": "161536" }, { "db": "PACKETSTORM", "id": "168878" }, { "db": "PACKETSTORM", "id": "168011" }, { "db": "CNNVD", "id": "CNNVD-202005-1255" }, { "db": "NVD", "id": "CVE-2020-9843" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-09T00:00:00", "db": "VULHUB", "id": "VHN-187968" }, { "date": "2020-06-09T00:00:00", "db": "VULMON", "id": "CVE-2020-9843" }, { "date": "2020-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006158" }, { "date": "2020-12-18T19:14:41", "db": "PACKETSTORM", "id": "160624" }, { "date": "2021-01-11T16:29:48", "db": "PACKETSTORM", "id": "160889" }, { "date": "2020-07-27T18:15:45", "db": "PACKETSTORM", "id": "158572" }, { "date": "2020-05-29T19:06:06", "db": "PACKETSTORM", "id": "157881" }, { "date": "2021-02-16T15:44:48", "db": "PACKETSTORM", "id": "161429" }, { "date": "2021-02-25T15:26:54", "db": "PACKETSTORM", "id": "161536" }, { "date": "2020-07-28T19:12:00", "db": "PACKETSTORM", "id": "168878" }, { "date": "2022-08-09T14:36:05", "db": "PACKETSTORM", "id": "168011" }, { "date": "2020-05-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1255" }, { "date": "2020-06-09T17:15:14.863000", "db": "NVD", "id": "CVE-2020-9843" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-01-09T00:00:00", "db": "VULHUB", "id": "VHN-187968" }, { "date": "2022-03-31T00:00:00", "db": "VULMON", "id": "CVE-2020-9843" }, { "date": "2020-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006158" }, { "date": "2022-03-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-1255" }, { "date": "2023-01-09T16:41:59.350000", "db": "NVD", "id": "CVE-2020-9843" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "160624" }, { "db": "PACKETSTORM", "id": "168011" }, { "db": "CNNVD", "id": "CNNVD-202005-1255" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Apple Product input validation vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006158" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "160889" }, { "db": "CNNVD", "id": "CNNVD-202005-1255" } ], "trust": 0.7 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.