var-202006-1838
Vulnerability from variot
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An attacker could exploit this vulnerability to cause a denial of service. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
-
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)
Bug fixes:
-
RHACM 2.2.4 images (BZ# 1957254)
-
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
-
ACM Operator should support using the default route TLS (BZ# 1955270)
-
The scrolling bar for search filter does not work properly (BZ# 1956852)
-
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
-
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
-
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
-
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
This update fixes the following bug among others:
- Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)
Security Fix(es):
- gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing
- ========================================================================= Ubuntu Security Notice USN-4602-2 October 27, 2020
perl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Perl.
Software Description: - perl: Practical Extraction and Report Language
Details:
USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543)
Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878)
Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: perl 5.18.2-2ubuntu1.7+esm3
Ubuntu 12.04 ESM: perl 5.14.2-6ubuntu2.11
In general, a standard system update will make all the necessary changes. Description:
Security Fix(es):
- Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
- Upgraded to a more recent version of Django to address CVE-2021-3281.
- Upgraded to a more recent version of autobahn to address CVE-2020-35678.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7.
- Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions.
- Fixed several issues related to how Tower rotates its log files.
- Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales.
- Fixed a bug which can cause unanticipated delays in certain playbook output.
- Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data.
- Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected.
- Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified.
- Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
- Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
- Bugs fixed (https://bugzilla.redhat.com/):
1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract() 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape
-
7.4) - noarch, x86_64
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:0343-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0343 Issue date: 2021-02-02 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ==================================================================== 1. Summary:
An update for perl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.
Security Fix(es):
-
perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)
-
perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)
-
perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
ppc64: perl-5.16.3-299.el7_9.ppc64.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm perl-core-5.16.3-299.el7_9.ppc64.rpm perl-debuginfo-5.16.3-299.el7_9.ppc.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-devel-5.16.3-299.el7_9.ppc.rpm perl-devel-5.16.3-299.el7_9.ppc64.rpm perl-libs-5.16.3-299.el7_9.ppc.rpm perl-libs-5.16.3-299.el7_9.ppc64.rpm perl-macros-5.16.3-299.el7_9.ppc64.rpm
ppc64le: perl-5.16.3-299.el7_9.ppc64le.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm perl-core-5.16.3-299.el7_9.ppc64le.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-devel-5.16.3-299.el7_9.ppc64le.rpm perl-libs-5.16.3-299.el7_9.ppc64le.rpm perl-macros-5.16.3-299.el7_9.ppc64le.rpm
s390x: perl-5.16.3-299.el7_9.s390x.rpm perl-Time-Piece-1.20.1-299.el7_9.s390x.rpm perl-core-5.16.3-299.el7_9.s390x.rpm perl-debuginfo-5.16.3-299.el7_9.s390.rpm perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-devel-5.16.3-299.el7_9.s390.rpm perl-devel-5.16.3-299.el7_9.s390x.rpm perl-libs-5.16.3-299.el7_9.s390.rpm perl-libs-5.16.3-299.el7_9.s390x.rpm perl-macros-5.16.3-299.el7_9.s390x.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-tests-5.16.3-299.el7_9.ppc64.rpm
ppc64le: perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-tests-5.16.3-299.el7_9.ppc64le.rpm
s390x: perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-tests-5.16.3-299.el7_9.s390x.rpm
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k 54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2 qwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm Awac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp 42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K RerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm AKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S aoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf /LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ Ip3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73 N83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S HB63T1smQXA=Oj1P -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1838", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.2.0" }, { "model": "configuration manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.2.0.8" }, { "model": "communications performance intelligence center", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "10.3.0.0.0" }, { "model": "communications eagle application processor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.1.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "perl", "scope": "lt", "trust": 1.0, "vendor": "perl", "version": "5.30.3" }, { "model": "communications performance intelligence center", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "10.3.0.2.1" }, { "model": "tekelec platform distribution", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "7.7.1" }, { "model": "communications performance intelligence center", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "10.4.0.1.0" }, { "model": "tekelec platform distribution", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "7.4.0" }, { "model": "communications lsms", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "13.4" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "46.7" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1" }, { "model": "communications eagle application processor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.4.0" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "46.8" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "31" }, { "model": "communications performance intelligence center", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "10.4.0.3.1" }, { "model": "communications lsms", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "13.1" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "46.9" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10543" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:x86:*", "cpe_name": [], "versionEndExcluding": "5.30.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.7.1", "versionStartIncluding": "7.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.4", "versionStartIncluding": "13.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.4.0.3.1", "versionStartIncluding": "10.4.0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.3.0.2.1", "versionStartIncluding": "10.3.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10543" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162650" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161255" }, { "db": "CNNVD", "id": "CNNVD-202006-145" } ], "trust": 1.2 }, "cve": "CVE-2020-10543", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-163032", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2020-10543", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10543", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202006-145", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163032", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-10543", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163032" }, { "db": "VULMON", "id": "CVE-2020-10543" }, { "db": "CNNVD", "id": "CNNVD-202006-145" }, { "db": "NVD", "id": "CVE-2020-10543" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An attacker could exploit this vulnerability to cause a denial of service. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.13. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\" \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. =========================================================================\nUbuntu Security Notice USN-4602-2\nOctober 27, 2020\n\nperl vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Perl. \n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nUSN-4602-1 fixed several vulnerabilities in Perl. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\n\nOriginal advisory details:\n\n ManhND discovered that Perl incorrectly handled certain regular\n expressions. In environments where untrusted regular expressions are\n evaluated, a remote attacker could possibly use this issue to cause Perl to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2020-10543)\n\n Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly\n handled certain regular expressions. In environments where untrusted\n regular expressions are evaluated, a remote attacker could possibly use\n this issue to cause Perl to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2020-10878)\n\n Sergey Aleynikov discovered that Perl incorrectly handled certain regular\n expressions. In environments where untrusted regular expressions are\n evaluated, a remote attacker could possibly use this issue to cause Perl to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2020-12723)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n perl 5.18.2-2ubuntu1.7+esm3\n\nUbuntu 12.04 ESM:\n perl 5.14.2-6ubuntu2.11\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nSecurity Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to\nelevate to the awx user from outside the isolated environment:\nCVE-2021-20253\n* Upgraded to a more recent version of Django to address CVE-2021-3281. \n* Upgraded to a more recent version of autobahn to address CVE-2020-35678. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Upgraded to the latest oVirt inventory plugin to resolve a number of\ninventory syncing issues that can occur on RHEL7. \n* Upgraded to the latest theforeman.foreman inventory plugin to resolve a\nfew bugs and performance regressions. \n* Fixed several issues related to how Tower rotates its log files. \n* Fixed a bug which can prevent Tower from installing on RHEL8 with certain\nnon-en_US.UTF-8 locales. \n* Fixed a bug which can cause unanticipated delays in certain playbook\noutput. \n* Fixed a bug which can cause job runs to fail for playbooks that print\ncertain types of raw binary data. \n* Fixed a bug which can cause unnecessary records in the Activity Stream\nwhen Automation Analytics data is collected. \n* Fixed a bug which can cause Tower PostgreSQL backups to fail when a\nnon-default PostgreSQL username is specified. \n* Fixed a bug which can intermittently cause access to encrypted Tower\nsettings to fail, resulting in failed job launches. \n* Fixed a bug which can cause certain long-running jobs running on isolated\nnodes to unexpectedly fail. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract()\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. 7.4) - noarch, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: perl security update\nAdvisory ID: RHSA-2021:0343-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0343\nIssue date: 2021-02-02\nCVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723\n====================================================================\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\nSecurity Fix(es):\n\n* perl: heap-based buffer overflow in regular expression compiler leads to\nDoS (CVE-2020-10543)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to integer overflow leads to DoS (CVE-2020-10878)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to recursive S_study_chunk() calls leads to DoS\n(CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nppc64:\nperl-5.16.3-299.el7_9.ppc64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm\nperl-core-5.16.3-299.el7_9.ppc64.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc64.rpm\nperl-devel-5.16.3-299.el7_9.ppc.rpm\nperl-devel-5.16.3-299.el7_9.ppc64.rpm\nperl-libs-5.16.3-299.el7_9.ppc.rpm\nperl-libs-5.16.3-299.el7_9.ppc64.rpm\nperl-macros-5.16.3-299.el7_9.ppc64.rpm\n\nppc64le:\nperl-5.16.3-299.el7_9.ppc64le.rpm\nperl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm\nperl-core-5.16.3-299.el7_9.ppc64le.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm\nperl-devel-5.16.3-299.el7_9.ppc64le.rpm\nperl-libs-5.16.3-299.el7_9.ppc64le.rpm\nperl-macros-5.16.3-299.el7_9.ppc64le.rpm\n\ns390x:\nperl-5.16.3-299.el7_9.s390x.rpm\nperl-Time-Piece-1.20.1-299.el7_9.s390x.rpm\nperl-core-5.16.3-299.el7_9.s390x.rpm\nperl-debuginfo-5.16.3-299.el7_9.s390.rpm\nperl-debuginfo-5.16.3-299.el7_9.s390x.rpm\nperl-devel-5.16.3-299.el7_9.s390.rpm\nperl-devel-5.16.3-299.el7_9.s390x.rpm\nperl-libs-5.16.3-299.el7_9.s390.rpm\nperl-libs-5.16.3-299.el7_9.s390x.rpm\nperl-macros-5.16.3-299.el7_9.s390x.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nperl-debuginfo-5.16.3-299.el7_9.ppc64.rpm\nperl-tests-5.16.3-299.el7_9.ppc64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm\nperl-tests-5.16.3-299.el7_9.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-299.el7_9.s390x.rpm\nperl-tests-5.16.3-299.el7_9.s390x.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-12723\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k\n54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2\nqwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm\nAwac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp\n42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K\nRerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm\nAKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S\naoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf\n/LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ\nIp3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73\nN83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S\nHB63T1smQXA=Oj1P\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-10543" }, { "db": "VULHUB", "id": "VHN-163032" }, { "db": "VULMON", "id": "CVE-2020-10543" }, { "db": "PACKETSTORM", "id": "162650" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "159726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161255" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10543", "trust": 2.5 }, { "db": "PACKETSTORM", "id": "159726", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162650", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162877", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "161728", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "161255", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162245", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "163188", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162021", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158058", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159707", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162837", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "161656", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "161843", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202006-145", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021042131", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052031", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072136", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021092220", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072268", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "163586", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1338", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0791", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2604", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2781", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0925", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1725", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0371", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1096", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2180", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0845", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1820", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1866", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2469", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "161727", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161726", "trust": 0.1 }, { "db": "CNVD", "id": "CNVD-2020-37944", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163032", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-10543", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163032" }, { "db": "VULMON", "id": "CVE-2020-10543" }, { "db": "PACKETSTORM", "id": "162650" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "159726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161255" }, { "db": "CNNVD", "id": "CNNVD-202006-145" }, { "db": "NVD", "id": "CVE-2020-10543" } ] }, "id": "VAR-202006-1838", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163032" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:25:57.515000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Perl Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122040" }, { "title": "editorGambasDelta", "trust": 0.2, "url": "https://github.com/d5n9smatrix/editorgambasdelta " }, { "title": "Red Hat: Moderate: perl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210343 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=babe2a0596ddd17a5ad75cd3c30c45ff" }, { "title": "Amazon Linux 2: ALAS2-2021-1610", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1610" }, { "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210607 - security advisory" }, { "title": "IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=08f19f0be4d5dcf7486e5abcdb671477" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" }, { "title": "visualGambasDelta", "trust": 0.1, "url": "https://github.com/d5n9smatrix/visualgambasdelta " }, { "title": "perl5283delta", "trust": 0.1, "url": "https://github.com/d5n9smatrix/perl5283delta " }, { "title": "CICD_CloudBuild_01", "trust": 0.1, "url": "https://github.com/pbavinck/cicd_cloudbuild_01 " }, { "title": "gcr-kritis-signer", "trust": 0.1, "url": "https://github.com/binxio/gcr-kritis-signer " }, { "title": "gcp-kritis-signer", "trust": 0.1, "url": "https://github.com/binxio/gcp-kritis-signer " }, { "title": "litecoin-automation", "trust": 0.1, "url": "https://github.com/gzukel/litecoin-automation " }, { "title": "", "trust": 0.1, "url": "https://github.com/d5n9smatrix/perltoc " }, { "title": "", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " }, { "title": "snykout", "trust": 0.1, "url": "https://github.com/garethr/snykout " }, { "title": "myapp-container-jaxrs", "trust": 0.1, "url": "https://github.com/akiraabe/myapp-container-jaxrs " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-10543" }, { "db": "CNNVD", "id": "CNNVD-202006-145" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.1 }, { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163032" }, { "db": "NVD", "id": "CVE-2020-10543" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "trust": 1.7, "url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3" }, { "trust": 1.7, "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/202006-03" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10543" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10878" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162650/red-hat-security-advisory-2021-1678-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161255/red-hat-security-advisory-2021-0343-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-contains-security-vulnerabilities/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1866" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1820" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072268" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1725" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052031" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0371/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2781" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1096" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042131" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2180" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161656/red-hat-security-advisory-2021-0719-01.html" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-perl-affect-aix-cve-2020-10543-cve-2020-10878-and-cve-2020-12723/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163188/red-hat-security-advisory-2021-2461-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161728/red-hat-security-advisory-2021-0780-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0925" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158058/gentoo-linux-security-advisory-202006-03.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161843/red-hat-security-advisory-2021-0883-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159707/ubuntu-security-notice-usn-4602-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1338" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021092220" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072136" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2469" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162021/red-hat-security-advisory-2021-1032-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162245/red-hat-security-advisory-2021-1266-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0845" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2604" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0791" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162837/red-hat-security-advisory-2021-2136-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162877/red-hat-security-advisory-2021-2121-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163586/red-hat-security-advisory-2021-2792-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159726/ubuntu-security-notice-usn-4602-2.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/perl-core-buffer-overflow-via-nested-regular-expression-quantifiers-32365" }, { "trust": 0.5, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-12723" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8286" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28196" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25037" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-3842" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-13776" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24977" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8231" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28935" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25034" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8285" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25035" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14866" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26116" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25038" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26137" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24330" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25042" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-12362" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25032" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25041" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25036" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-27619" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-25215" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3177" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24331" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-2708" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-23336" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24332" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25039" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25040" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8284" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1678" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21639" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28092" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21309" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21640" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3543" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3501" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25648" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8648" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27170" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25692" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3347" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3114" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12364" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2461" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36322" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12114" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25712" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13543" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9951" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25704" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36242" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3121" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9948" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13012" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13584" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18811" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14360" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21645" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27783" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19528" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12464" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14314" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25659" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14356" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21643" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27786" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25643" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9983" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24394" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0431" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-0342" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30465" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14345" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14344" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21644" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14361" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25285" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35508" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25212" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28974" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2121" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15437" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25284" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14346" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2122" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11608" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21642" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4602-1" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4602-2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35678" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3281" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20253" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20178" }, { "trust": 0.1, "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20191" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3281" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20253" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20228" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0780" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35678" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20180" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20178" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1266" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0343" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163032" }, { "db": "PACKETSTORM", "id": "162650" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "159726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161255" }, { "db": "CNNVD", "id": "CNNVD-202006-145" }, { "db": "NVD", "id": "CVE-2020-10543" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163032" }, { "db": "VULMON", "id": "CVE-2020-10543" }, { "db": "PACKETSTORM", "id": "162650" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "159726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161255" }, { "db": "CNNVD", "id": "CNNVD-202006-145" }, { "db": "NVD", "id": "CVE-2020-10543" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-05T00:00:00", "db": "VULHUB", "id": "VHN-163032" }, { "date": "2020-06-05T00:00:00", "db": "VULMON", "id": "CVE-2020-10543" }, { "date": "2021-05-19T14:04:40", "db": "PACKETSTORM", "id": "162650" }, { "date": "2021-06-17T17:53:22", "db": "PACKETSTORM", "id": "163188" }, { "date": "2021-06-01T14:45:29", "db": "PACKETSTORM", "id": "162877" }, { "date": "2020-10-27T16:58:55", "db": "PACKETSTORM", "id": "159726" }, { "date": "2021-03-09T16:26:05", "db": "PACKETSTORM", "id": "161728" }, { "date": "2021-04-20T16:17:10", "db": "PACKETSTORM", "id": "162245" }, { "date": "2021-02-02T16:12:23", "db": "PACKETSTORM", "id": "161255" }, { "date": "2020-06-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-145" }, { "date": "2020-06-05T14:15:10.467000", "db": "NVD", "id": "CVE-2020-10543" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-12T00:00:00", "db": "VULHUB", "id": "VHN-163032" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-10543" }, { "date": "2022-04-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-145" }, { "date": "2023-11-07T03:14:10.297000", "db": "NVD", "id": "CVE-2020-10543" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159726" }, { "db": "CNNVD", "id": "CNNVD-202006-145" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Perl Input validation error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-145" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-145" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.