var-202007-1448
Vulnerability from variot
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. lodash Is vulnerable to resource allocation without restrictions or throttling.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. lodash is an open source JavaScript utility library. An input validation error vulnerability exists in lodash 4.17.15 and earlier versions. A remote attacker could exploit this vulnerability to execute arbitrary code on the system via the 'merge', 'mergeWith' and 'defaultsDeep' functions. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Bug Fix(es):
-
Previously, upgrade from Red Had Virtualization (RHV) 4.4.1 to RHV 4.4.2 failed due to dangling symlinks from the iSCSI Storage Domain that weren't cleaned up. In this release, the upgrade succeeds. (BZ#1895356)
-
Previously, when migrating a Windows virtual machine from a VMware environment to Red Hat Virtualization 4.4.3, the migration failed due to a file permission error. In this release, the migration succeeds. (BZ#1901423)
-
Bugs fixed (https://bugzilla.redhat.com/):
1835685 - [Hosted-Engine]"Installation Guide" and "RHV Documents" didn't jump to the correct pages in hosted engine page. 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1895356 - Upgrade to 4.4.2 will fail due to dangling symlinks 1895762 - cockpit ovirt(downstream) docs links point to upstream docs. 1896536 - CVE-2015-8011 lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c 1898023 - Rebase RHV-H 4.4.3 on RHEL 8.3.0.1 1898024 - Rebase RHV-H 4.4.3 on RHGS-3.5.z Batch #3 1901423 - [v2v] leaking USER and HOME environment from root causes virt-v2v error: failure: Unexpected file type which prevents VM migration 1902301 - Upgrade cockpit-ovirt to 0.14.14
- Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html.
Bug Fix(es):
-
send --nowait to libvirt when we collect qemu stats, to consume bz#1552092 (BZ#1613514)
-
Block moving HE hosts into different Data Centers and make HE host moved to different cluster NonOperational after activation (BZ#1702016)
-
If an in-use MAC is held by a VM on a different cluster, the engine does not attempt to get the next free MAC. (BZ#1760170)
-
Search backend cannot find VMs which name starts with a search keyword (BZ#1797717)
-
[Permissions] DataCenterAdmin role defined on DC level does not allow Cluster creation (BZ#1808320)
-
enable-usb-autoshare is always 0 in console.vv and usb-filter option is listed two times (BZ#1811466)
-
NumaPinningHelper is not huge pages aware, denies migration to suitable host (BZ#1812316)
-
Adding quota to group doesn't propagate to users (BZ#1822372)
-
Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35 Template (BZ#1829691)
-
Live Migration Bandwidth unit is different from Engine configuration (Mbps) and VDSM (MBps) (BZ#1845397)
-
RHV-M shows successful operation if OVA export/import failed during "qemu-img convert" phase (BZ#1854888)
-
Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address (BZ#1855305)
-
rhv-log-collector-analyzer --json fails with TypeError (BZ#1859314)
-
RHV 4.4 on AMD EPYC 7742 throws an NUMA related error on VM run (BZ#1866862)
-
Issue with dashboards creation when sending metrics to external Elasticsearch (BZ#1870133)
-
HostedEngine VM is broken after Cluster changed to UEFI (BZ#1871694)
-
[CNV&RHV]Notification about VM creation contain
string (BZ#1873136) -
VM stuck in Migrating status after migration completed due to incorrect status reported by VDSM after restart (BZ#1877632)
-
Use 4.5 as compatibility level for the Default DataCenter and the Default Cluster during installation (BZ#1879280)
-
unable to create/add index pattern in step 5 from kcs articles#4921101 (BZ#1881634)
-
[CNV&RHV] Remove warning about no active storage domain for Kubevirt VMs (BZ#1883844)
-
Deprecate and remove ovirt-engine-api-explorer (BZ#1884146)
-
[CNV&RHV] Disable creating new disks for Kubevirt VM (BZ#1884634)
-
Require ansible-2.9.14 in ovirt-engine (BZ#1888626)
Enhancement(s):
-
[RFE] Virtualization support for NVDIMM - RHV (BZ#1361718)
-
[RFE] - enable renaming HostedEngine VM name (BZ#1657294)
-
[RFE] Enabling Icelake new NIs - RHV (BZ#1745024)
-
[RFE] Show vCPUs and allocated memory in virtual machines summary (BZ#1752751)
-
[RFE] RHV-M Deployment/Install Needs it's own UUID (BZ#1825020)
-
[RFE] Destination Host in migrate VM dialog has to be searchable and sortable (BZ#1851865)
-
[RFE] Expose the "reinstallation required" flag of the hosts in the API (BZ#1856671)
-
Bugs fixed (https://bugzilla.redhat.com/):
1613514 - send --nowait to libvirt when we collect qemu stats, to consume bz#1552092
1657294 - [RFE] - enable renaming HostedEngine VM name
1691253 - ovirt-engine-extension-aaa-ldap-setup does not escape special characters in password
1702016 - Block moving HE hosts into different Data Centers and make HE host moved to different cluster NonOperational after activation
1752751 - [RFE] Show vCPUs and allocated memory in virtual machines summary
1760170 - If an in-use MAC is held by a VM on a different cluster, the engine does not attempt to get the next free MAC.
1797717 - Search backend cannot find VMs which name starts with a search keyword
1808320 - [Permissions] DataCenterAdmin role defined on DC level does not allow Cluster creation
1811466 - enable-usb-autoshare is always 0 in console.vv and usb-filter option is listed two times
1812316 - NumaPinningHelper is not huge pages aware, denies migration to suitable host
1822372 - Adding quota to group doesn't propagate to users
1825020 - [RFE] RHV-M Deployment/Install Needs it's own UUID
1828241 - Deleting snapshot do not display a lock for it's disks under "Disk Snapshots" tab.
1829691 - Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35 Template
1842344 - Status loop due to host initialization not checking network status, monitoring finding the network issue and auto-recovery.
1845432 - [CNV&RHV] Communicatoin with CNV cluster spamming engine.log when token is expired
1851865 - [RFE] Destination Host in migrate VM dialog has to be searchable and sortable
1854888 - RHV-M shows successful operation if OVA export/import failed during "qemu-img convert" phase
1855305 - Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address
1856671 - [RFE] Expose the "reinstallation required" flag of the hosts in the API
1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function
1859314 - rhv-log-collector-analyzer --json fails with TypeError
1862101 - rhv-image-discrepancies does show size of the images on the storage as size of the image in db and vice versa
1866981 - obj must be encoded before hashing
1870133 - Issue with dashboards creation when sending metrics to external Elasticsearch
1871694 - HostedEngine VM is broken after Cluster changed to UEFI
1872911 - RHV Administration Portal fails with 404 error even after updating to RHV 4.3.9
1873136 - [CNV&RHV]Notification about VM creation contain
- Description:
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat Virtualization security, bug fix, and enhancement update Advisory ID: RHSA-2020:3807-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2020:3807 Issue date: 2020-09-23 CVE Names: CVE-2020-8203 CVE-2020-11022 CVE-2020-11023 CVE-2020-14333 ==================================================================== 1. Summary:
An update is now available for Red Hat Virtualization Engine 4.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch
- Description:
The org.ovirt.engine-root is a core component of oVirt.
The following packages have been upgraded to a later upstream version: ansible-runner-service (1.0.5), org.ovirt.engine-root (4.4.2.3), ovirt-engine-dwh (4.4.2.1), ovirt-engine-extension-aaa-ldap (1.4.1), ovirt-engine-ui-extensions (1.2.3), ovirt-log-collector (4.4.3), ovirt-web-ui (1.6.4), rhvm-branding-rhv (4.4.5), rhvm-dependencies (4.4.1), vdsm-jsonrpc-java (1.5.5). (BZ#1674420, BZ#1866734)
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht ml-single/technical_notes
Security Fix(es):
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing
-
ovirt-engine: Reflected cross site scripting vulnerability (CVE-2020-14333)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Cannot assign direct LUN from FC storage - grayed out (BZ#1625499)
-
VM portal always asks how to open console.vv even it has been set to default application. (BZ#1638217)
-
RESTAPI Not able to remove the QoS from a disk profile (BZ#1643520)
-
On OVA import, qemu-img fails to write to NFS storage domain (BZ#1748879)
-
Possible missing block path for a SCSI host device needs to be handled in the UI (BZ#1801206)
-
Scheduling Memory calculation disregards huge-pages (BZ#1804037)
-
Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. (BZ#1804046)
-
In Admin Portal, "Huge Pages (size: amount)" needs to be clarified (BZ#1806339)
-
Refresh LUN is using host from different Data Center to scan the LUN (BZ#1838051)
-
Unable to create Windows VM's with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal (BZ#1843234)
-
[RHV-CNV] - NPE when creating new VM in cnv cluster (BZ#1854488)
-
[CNV&RHV] Add-Disk operation failed to complete. (BZ#1855377)
-
Cannot create KubeVirt VM as a normal user (BZ#1859460)
-
Welcome page - remove Metrics Store links and update "Insights Guide" link (BZ#1866466)
-
[RHV 4.4] Change in CPU model name after RHVH upgrade (BZ#1869209)
-
VM vm-name is down with error. Exit message: unsupported configuration: Can't add USB input device. USB bus is disabled. (BZ#1871235)
-
spec_ctrl host feature not detected (BZ#1875609)
Enhancement(s):
-
[RFE] API for changed blocks/sectors for a disk for incremental backup usage (BZ#1139877)
-
[RFE] Improve workflow for storage migration of VMs with multiple disks (BZ#1749803)
-
[RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots (BZ#1763812)
-
[RFE] enhance search filter for Storage Domains with free argument (BZ#1819260)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
- Bugs fixed (https://bugzilla.redhat.com/):
1625499 - Cannot assign direct LUN from FC storage - grayed out 1638217 - VM portal always asks how to open console.vv even it has been set to default application. 1643520 - RESTAPI Not able to remove the QoS from a disk profile 1674420 - [RFE] - add support for Cascadelake-Server CPUs (and IvyBridge) 1748879 - On OVA import, qemu-img fails to write to NFS storage domain 1749803 - [RFE] Improve workflow for storage migration of VMs with multiple disks 1758024 - Long running Ansible tasks timeout and abort for RHV-H hosts with STIG/Security Profiles applied 1763812 - [RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots 1778471 - Using more than one asterisk in LDAP search string is not working when searching for AD users. 1787854 - RHV: Updating/reinstall a host which is part of affinity labels is removed from the affinity label. 1801206 - Possible missing block path for a SCSI host device needs to be handled in the UI 1803856 - [Scale] ovirt-vmconsole takes too long or times out in a 500+ VM environment. 1804037 - Scheduling Memory calculation disregards huge-pages 1804046 - Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. 1806339 - In Admin Portal, "Huge Pages (size: amount)" needs to be clarified 1816951 - [CNV&RHV] CNV VM migration failure is not handled correctly by the engine 1819260 - [RFE] enhance search filter for Storage Domains with free argument 1826255 - [CNV&RHV]Change name of type of provider - CNV -> OpenShift Virtualization 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1831949 - RESTAPI javadoc contains missing information about assigning IP address to NIC 1831952 - RESTAPI contains malformed link around JSON representation fo the cluster 1831954 - RESTAPI javadoc contains malformed link around oVirt guest agent 1831956 - RESTAPI javadoc contains malformed link around time zone representation 1838051 - Refresh LUN is using host from different Data Center to scan the LUN 1841112 - not able to upload vm from OVA when there are 2 OVA from the same vm in same directory 1843234 - Unable to create Windows VM's with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal 1850004 - CVE-2020-11023 jQuery: passing HTML containing
- Package List:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:
Source: ansible-runner-service-1.0.5-1.el8ev.src.rpm ovirt-engine-4.4.2.3-0.6.el8ev.src.rpm ovirt-engine-dwh-4.4.2.1-1.el8ev.src.rpm ovirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.2.3-1.el8ev.src.rpm ovirt-log-collector-4.4.3-1.el8ev.src.rpm ovirt-web-ui-1.6.4-1.el8ev.src.rpm rhvm-branding-rhv-4.4.5-1.el8ev.src.rpm rhvm-dependencies-4.4.1-1.el8ev.src.rpm vdsm-jsonrpc-java-1.5.5-1.el8ev.src.rpm
noarch: ansible-runner-service-1.0.5-1.el8ev.noarch.rpm ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-backend-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-dbscripts-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-dwh-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-setup-1.4.1-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-restapi-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-base-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-tools-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-tools-backup-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.2.3-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-log-collector-4.4.3-1.el8ev.noarch.rpm ovirt-web-ui-1.6.4-1.el8ev.noarch.rpm python3-ovirt-engine-lib-4.4.2.3-0.6.el8ev.noarch.rpm rhvm-4.4.2.3-0.6.el8ev.noarch.rpm rhvm-branding-rhv-4.4.5-1.el8ev.noarch.rpm rhvm-dependencies-4.4.1-1.el8ev.noarch.rpm vdsm-jsonrpc-java-1.5.5-1.el8ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8203 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2020-14333 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX2t0HtzjgjWX9erEAQhpWg/+KolNmhmQCrst8TmYsC2IgSdHP+q0LKLj gdPZYu0ixOpwLLiAhrsoDXqL3H3w7UDSKkSISgPMEqEde4Vp+zI37O1q3E/P7CAj rfLGuL1UDEiy0q0g1BP13GrPlg6K4fR5wQAnTB6vD/ZY+wd50Z0T+NGAxd2w68bM R5q1kSOUPc4AZt25FORU2cmp775Y7DWazMWHC77uiJHgyCwVqLtdO09iEnglZDKJ BynwyT8exZKXxmmpE4QZ4X7wNo3Y0mTiRZo5eyxxQpwj9X+qw1V+pBdtMH/C1yhk J+X1f+wDoe2jCx2bqPXqp6EgFSHnJNt96jV0oTdD0f8rMgWcBDStNXdagPBmBCBp t+Kq3BZx0Oqkig4f+DCEmoS0V0fB9UQLg0Q/M9p1bTfYQkbn+BMHL7CAp8UyAzPH A1HlnP7TtQgplFvoap82xt2pXh97VvI6x3sBGHyW4Fz0SykhRYx3dAgmqy5nEssl 5ApWZ87M3l+2tUh4ZOJAtzRDt9sL5KQsXjp1jZaK/gWBsL4Suzr9AIrs4NmRmXnY TzxdXgIY6C+dWmB4TPhcJE5etcvtorqvs93d47yBdpRyO/IlbEw0vLUBdVZZuj9N mqp6RcHqDKm6Yv4B73Ud5my44wSRWVWtBxO6fivQOQG7iqCyIlA3M3LUMkVy+fxc bvmOI0eIsZw=Jhpi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
PROJQUAY-1417 - zstd compressed layers PROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay PROJQUAY-1535 - As a user I can create and use nested repository name structures PROJQUAY-1583 - add "disconnected" annotation to operators PROJQUAY-1609 - Operator communicates status per managed component PROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment PROJQUAY-1791 - v1beta CRD EOL PROJQUAY-1883 - Support OCP Re-encrypt routes PROJQUAY-1887 - allow either sha or tag in related images PROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. PROJQUAY-1998 - note database deprecations in 3.6 Config Tool PROJQUAY-2050 - Support OCP Edge-Termination PROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly PROJQUAY-2102 - add clair-4.2 enrichment data to quay UI PROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install
6
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1448", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.11.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.11" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "20.12.7" }, { "model": "banking liquidity management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking trade finance process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "communications subscriber-aware load balancer", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "cz8.3" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.12" }, { "model": "communications session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "cz8.4" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "banking trade finance process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "lodash", "scope": "lt", "trust": 1.0, "vendor": "lodash", "version": "4.17.20" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.3.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "9.2.6.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "cz8.4" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "communications subscriber-aware load balancer", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "cz8.4" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking liquidity management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "pcz3.3" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "blockchain platform", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "enterprise communications broker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" }, { "model": "banking liquidity management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "banking trade finance process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "lodash", "scope": "eq", "trust": 0.8, "vendor": "lodash", "version": "4.17.15" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008656" }, { "db": "NVD", "id": "CVE-2020-8203" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*", "cpe_name": [], "versionEndExcluding": "4.17.20", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.11", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.12", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_liquidity_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.2.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-8203" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "160589" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "160209" }, { "db": "PACKETSTORM", "id": "158797" }, { "db": "PACKETSTORM", "id": "158796" }, { "db": "PACKETSTORM", "id": "159275" }, { "db": "PACKETSTORM", "id": "164555" }, { "db": "CNNVD", "id": "CNNVD-202007-1043" } ], "trust": 1.3 }, "cve": "CVE-2020-8203", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-008656", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-186328", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2020-8203", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.4, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-008656", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-8203", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-008656", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202007-1043", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-186328", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-8203", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-186328" }, { "db": "VULMON", "id": "CVE-2020-8203" }, { "db": "JVNDB", "id": "JVNDB-2020-008656" }, { "db": "CNNVD", "id": "CNNVD-202007-1043" }, { "db": "NVD", "id": "CVE-2020-8203" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. lodash Is vulnerable to resource allocation without restrictions or throttling.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. lodash is an open source JavaScript utility library. An input validation error vulnerability exists in lodash 4.17.15 and earlier versions. A remote attacker could exploit this vulnerability to execute arbitrary code on the system via the \u0027merge\u0027, \u0027mergeWith\u0027 and \u0027defaultsDeep\u0027 functions. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. These\npackages include redhat-release-virtualization-host, ovirt-node, and\nrhev-hypervisor. RHVH features a Cockpit user interface for\nmonitoring the host\u0027s resources and performing administrative tasks. \n\nBug Fix(es):\n\n* Previously, upgrade from Red Had Virtualization (RHV) 4.4.1 to RHV 4.4.2\nfailed due to dangling symlinks from the iSCSI Storage Domain that weren\u0027t\ncleaned up. In this release, the upgrade succeeds. (BZ#1895356)\n\n* Previously, when migrating a Windows virtual machine from a VMware\nenvironment to Red Hat Virtualization 4.4.3, the migration failed due to a\nfile permission error. In this release, the migration succeeds. \n(BZ#1901423)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1835685 - [Hosted-Engine]\"Installation Guide\" and \"RHV Documents\" didn\u0027t jump to the correct pages in hosted engine page. \n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1895356 - Upgrade to 4.4.2 will fail due to dangling symlinks\n1895762 - cockpit ovirt(downstream) docs links point to upstream docs. \n1896536 - CVE-2015-8011 lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c\n1898023 - Rebase RHV-H 4.4.3 on RHEL 8.3.0.1\n1898024 - Rebase RHV-H 4.4.3 on RHGS-3.5.z Batch #3\n1901423 - [v2v] leaking USER and HOME environment from root causes virt-v2v error: failure: Unexpected file type which prevents VM migration\n1902301 - Upgrade cockpit-ovirt to 0.14.14\n\n6. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. \n\nBug Fix(es):\n\n* send --nowait to libvirt when we collect qemu stats, to consume\nbz#1552092 (BZ#1613514)\n\n* Block moving HE hosts into different Data Centers and make HE host moved\nto different cluster NonOperational after activation (BZ#1702016)\n\n* If an in-use MAC is held by a VM on a different cluster, the engine does\nnot attempt to get the next free MAC. (BZ#1760170)\n\n* Search backend cannot find VMs which name starts with a search keyword\n(BZ#1797717)\n\n* [Permissions] DataCenterAdmin role defined on DC level does not allow\nCluster creation (BZ#1808320)\n\n* enable-usb-autoshare is always 0 in console.vv and usb-filter option is\nlisted two times (BZ#1811466)\n\n* NumaPinningHelper is not huge pages aware, denies migration to suitable\nhost (BZ#1812316)\n\n* Adding quota to group doesn\u0027t propagate to users (BZ#1822372)\n\n* Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35\nTemplate (BZ#1829691)\n\n* Live Migration Bandwidth unit is different from Engine configuration\n(Mbps) and VDSM (MBps) (BZ#1845397)\n\n* RHV-M shows successful operation if OVA export/import failed during\n\"qemu-img convert\" phase (BZ#1854888)\n\n* Cannot hotplug disk reports libvirtError: Requested operation is not\nvalid: Domain already contains a disk with that address (BZ#1855305)\n\n* rhv-log-collector-analyzer --json fails with TypeError (BZ#1859314)\n\n* RHV 4.4 on AMD EPYC 7742 throws an NUMA related error on VM run\n(BZ#1866862)\n\n* Issue with dashboards creation when sending metrics to external\nElasticsearch (BZ#1870133)\n\n* HostedEngine VM is broken after Cluster changed to UEFI (BZ#1871694)\n\n* [CNV\u0026RHV]Notification about VM creation contain \u003cUNKNOWN\u003e string\n(BZ#1873136)\n\n* VM stuck in Migrating status after migration completed due to incorrect\nstatus reported by VDSM after restart (BZ#1877632)\n\n* Use 4.5 as compatibility level for the Default DataCenter and the Default\nCluster during installation (BZ#1879280)\n\n* unable to create/add index pattern in step 5 from kcs articles#4921101\n(BZ#1881634)\n\n* [CNV\u0026RHV] Remove warning about no active storage domain for Kubevirt VMs\n(BZ#1883844)\n\n* Deprecate and remove ovirt-engine-api-explorer (BZ#1884146)\n\n* [CNV\u0026RHV] Disable creating new disks for Kubevirt VM (BZ#1884634)\n\n* Require ansible-2.9.14 in ovirt-engine (BZ#1888626)\n\nEnhancement(s):\n\n* [RFE] Virtualization support for NVDIMM - RHV (BZ#1361718)\n\n* [RFE] - enable renaming HostedEngine VM name (BZ#1657294)\n\n* [RFE] Enabling Icelake new NIs - RHV (BZ#1745024)\n\n* [RFE] Show vCPUs and allocated memory in virtual machines summary\n(BZ#1752751)\n\n* [RFE] RHV-M Deployment/Install Needs it\u0027s own UUID (BZ#1825020)\n\n* [RFE] Destination Host in migrate VM dialog has to be searchable and\nsortable (BZ#1851865)\n\n* [RFE] Expose the \"reinstallation required\" flag of the hosts in the API\n(BZ#1856671)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1613514 - send --nowait to libvirt when we collect qemu stats, to consume bz#1552092\n1657294 - [RFE] - enable renaming HostedEngine VM name\n1691253 - ovirt-engine-extension-aaa-ldap-setup does not escape special characters in password\n1702016 - Block moving HE hosts into different Data Centers and make HE host moved to different cluster NonOperational after activation\n1752751 - [RFE] Show vCPUs and allocated memory in virtual machines summary\n1760170 - If an in-use MAC is held by a VM on a different cluster, the engine does not attempt to get the next free MAC. \n1797717 - Search backend cannot find VMs which name starts with a search keyword\n1808320 - [Permissions] DataCenterAdmin role defined on DC level does not allow Cluster creation\n1811466 - enable-usb-autoshare is always 0 in console.vv and usb-filter option is listed two times\n1812316 - NumaPinningHelper is not huge pages aware, denies migration to suitable host\n1822372 - Adding quota to group doesn\u0027t propagate to users\n1825020 - [RFE] RHV-M Deployment/Install Needs it\u0027s own UUID\n1828241 - Deleting snapshot do not display a lock for it\u0027s disks under \"Disk Snapshots\" tab. \n1829691 - Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35 Template\n1842344 - Status loop due to host initialization not checking network status, monitoring finding the network issue and auto-recovery. \n1845432 - [CNV\u0026RHV] Communicatoin with CNV cluster spamming engine.log when token is expired\n1851865 - [RFE] Destination Host in migrate VM dialog has to be searchable and sortable\n1854888 - RHV-M shows successful operation if OVA export/import failed during \"qemu-img convert\" phase\n1855305 - Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address\n1856671 - [RFE] Expose the \"reinstallation required\" flag of the hosts in the API\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1859314 - rhv-log-collector-analyzer --json fails with TypeError\n1862101 - rhv-image-discrepancies does show size of the images on the storage as size of the image in db and vice versa\n1866981 - obj must be encoded before hashing\n1870133 - Issue with dashboards creation when sending metrics to external Elasticsearch\n1871694 - HostedEngine VM is broken after Cluster changed to UEFI\n1872911 - RHV Administration Portal fails with 404 error even after updating to RHV 4.3.9\n1873136 - [CNV\u0026RHV]Notification about VM creation contain \u003cUNKNOWN\u003e string\n1876923 - PostgreSQL 12 in RHV 4.4 - engine-setup menu ref URL needs updating\n1877632 - VM stuck in Migrating status after migration completed due to incorrect status reported by VDSM after restart\n1877679 - Synchronize advanced virtualization module with RHEL version during host upgrade\n1879199 - ovirt-engine-extension-aaa-ldap-setup fails on cert import\n1879280 - Use 4.5 as compatibility level for the Default DataCenter and the Default Cluster during installation\n1879377 - [DWH] Rebase bug - for the 4.4.3 release\n1881634 - unable to create/add index pattern in step 5 from kcs articles#4921101\n1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS\n1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution\n1883844 - [CNV\u0026RHV] Remove warning about no active storage domain for Kubevirt VMs\n1884146 - Deprecate and remove ovirt-engine-api-explorer\n1884634 - [CNV\u0026RHV] Disable creating new disks for Kubevirt VM\n1885976 - rhv-log-collector-analyzer - argument must be str, not bytes\n1887268 - Cannot perform yum update on my RHV manager (ansible conflict)\n1888626 - Require ansible-2.9.14 in ovirt-engine\n1889522 - metrics playbooks are broken due to typo\n\n6. Description:\n\nRed Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio\nservice mesh project, tailored for installation into an on-premise\nOpenShift Container Platform installation. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Virtualization security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:3807-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3807\nIssue date: 2020-09-23\nCVE Names: CVE-2020-8203 CVE-2020-11022 CVE-2020-11023\n CVE-2020-14333\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Virtualization Engine 4.4. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch\n\n3. Description:\n\nThe org.ovirt.engine-root is a core component of oVirt. \n\nThe following packages have been upgraded to a later upstream version:\nansible-runner-service (1.0.5), org.ovirt.engine-root (4.4.2.3),\novirt-engine-dwh (4.4.2.1), ovirt-engine-extension-aaa-ldap (1.4.1),\novirt-engine-ui-extensions (1.2.3), ovirt-log-collector (4.4.3),\novirt-web-ui (1.6.4), rhvm-branding-rhv (4.4.5), rhvm-dependencies (4.4.1),\nvdsm-jsonrpc-java (1.5.5). (BZ#1674420, BZ#1866734)\n\nA list of bugs fixed in this update is available in the Technical Notes\nbook:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht\nml-single/technical_notes\n\nSecurity Fix(es):\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* ovirt-engine: Reflected cross site scripting vulnerability\n(CVE-2020-14333)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Cannot assign direct LUN from FC storage - grayed out (BZ#1625499)\n\n* VM portal always asks how to open console.vv even it has been set to\ndefault application. (BZ#1638217)\n\n* RESTAPI Not able to remove the QoS from a disk profile (BZ#1643520)\n\n* On OVA import, qemu-img fails to write to NFS storage domain (BZ#1748879)\n\n* Possible missing block path for a SCSI host device needs to be handled in\nthe UI (BZ#1801206)\n\n* Scheduling Memory calculation disregards huge-pages (BZ#1804037)\n\n* Engine does not reduce scheduling memory when a VM with dynamic hugepages\nruns. (BZ#1804046)\n\n* In Admin Portal, \"Huge Pages (size: amount)\" needs to be clarified\n(BZ#1806339)\n\n* Refresh LUN is using host from different Data Center to scan the LUN\n(BZ#1838051)\n\n* Unable to create Windows VM\u0027s with Mozilla Firefox version 74.0.1 and\ngreater for RHV-M GUI/Webadmin portal (BZ#1843234)\n\n* [RHV-CNV] - NPE when creating new VM in cnv cluster (BZ#1854488)\n\n* [CNV\u0026RHV] Add-Disk operation failed to complete. (BZ#1855377)\n\n* Cannot create KubeVirt VM as a normal user (BZ#1859460)\n\n* Welcome page - remove Metrics Store links and update \"Insights Guide\"\nlink (BZ#1866466)\n\n* [RHV 4.4] Change in CPU model name after RHVH upgrade (BZ#1869209)\n\n* VM vm-name is down with error. Exit message: unsupported configuration:\nCan\u0027t add USB input device. USB bus is disabled. (BZ#1871235)\n\n* spec_ctrl host feature not detected (BZ#1875609)\n\nEnhancement(s):\n\n* [RFE] API for changed blocks/sectors for a disk for incremental backup\nusage (BZ#1139877)\n\n* [RFE] Improve workflow for storage migration of VMs with multiple disks\n(BZ#1749803)\n\n* [RFE] Move the Remove VM button to the drop down menu when viewing\ndetails such as snapshots (BZ#1763812)\n\n* [RFE] enhance search filter for Storage Domains with free argument\n(BZ#1819260)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1625499 - Cannot assign direct LUN from FC storage - grayed out\n1638217 - VM portal always asks how to open console.vv even it has been set to default application. \n1643520 - RESTAPI Not able to remove the QoS from a disk profile\n1674420 - [RFE] - add support for Cascadelake-Server CPUs (and IvyBridge)\n1748879 - On OVA import, qemu-img fails to write to NFS storage domain\n1749803 - [RFE] Improve workflow for storage migration of VMs with multiple disks\n1758024 - Long running Ansible tasks timeout and abort for RHV-H hosts with STIG/Security Profiles applied\n1763812 - [RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots\n1778471 - Using more than one asterisk in LDAP search string is not working when searching for AD users. \n1787854 - RHV: Updating/reinstall a host which is part of affinity labels is removed from the affinity label. \n1801206 - Possible missing block path for a SCSI host device needs to be handled in the UI\n1803856 - [Scale] ovirt-vmconsole takes too long or times out in a 500+ VM environment. \n1804037 - Scheduling Memory calculation disregards huge-pages\n1804046 - Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. \n1806339 - In Admin Portal, \"Huge Pages (size: amount)\" needs to be clarified\n1816951 - [CNV\u0026RHV] CNV VM migration failure is not handled correctly by the engine\n1819260 - [RFE] enhance search filter for Storage Domains with free argument\n1826255 - [CNV\u0026RHV]Change name of type of provider - CNV -\u003e OpenShift Virtualization\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1831949 - RESTAPI javadoc contains missing information about assigning IP address to NIC\n1831952 - RESTAPI contains malformed link around JSON representation fo the cluster\n1831954 - RESTAPI javadoc contains malformed link around oVirt guest agent\n1831956 - RESTAPI javadoc contains malformed link around time zone representation\n1838051 - Refresh LUN is using host from different Data Center to scan the LUN\n1841112 - not able to upload vm from OVA when there are 2 OVA from the same vm in same directory\n1843234 - Unable to create Windows VM\u0027s with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal\n1850004 - CVE-2020-11023 jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1854488 - [RHV-CNV] - NPE when creating new VM in cnv cluster\n1855377 - [CNV\u0026RHV] Add-Disk operation failed to complete. \n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1858184 - CVE-2020-14333 ovirt-engine: Reflected cross site scripting vulnerability\n1859460 - Cannot create KubeVirt VM as a normal user\n1860907 - Upgrade bundled GWT to 2.9.0\n1866466 - Welcome page - remove Metrics Store links and update \"Insights Guide\" link\n1866734 - [DWH] Rebase bug - for the 4.4.2 release\n1869209 - [RHV 4.4] Change in CPU model name after RHVH upgrade\n1869302 - ansible 2.9.12 - host deploy fixes\n1871235 - VM vm-name is down with error. Exit message: unsupported configuration: Can\u0027t add USB input device. USB bus is disabled. \n1875609 - spec_ctrl host feature not detected\n1875851 - Web Admin interface broken on Firefox ESR 68.11\n\n6. Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\nansible-runner-service-1.0.5-1.el8ev.src.rpm\novirt-engine-4.4.2.3-0.6.el8ev.src.rpm\novirt-engine-dwh-4.4.2.1-1.el8ev.src.rpm\novirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.2.3-1.el8ev.src.rpm\novirt-log-collector-4.4.3-1.el8ev.src.rpm\novirt-web-ui-1.6.4-1.el8ev.src.rpm\nrhvm-branding-rhv-4.4.5-1.el8ev.src.rpm\nrhvm-dependencies-4.4.1-1.el8ev.src.rpm\nvdsm-jsonrpc-java-1.5.5-1.el8ev.src.rpm\n\nnoarch:\nansible-runner-service-1.0.5-1.el8ev.noarch.rpm\novirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-backend-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-dbscripts-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-dwh-4.4.2.1-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.4.2.1-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.4.2.1-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-setup-1.4.1-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-restapi-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-base-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-tools-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-tools-backup-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.2.3-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-log-collector-4.4.3-1.el8ev.noarch.rpm\novirt-web-ui-1.6.4-1.el8ev.noarch.rpm\npython3-ovirt-engine-lib-4.4.2.3-0.6.el8ev.noarch.rpm\nrhvm-4.4.2.3-0.6.el8ev.noarch.rpm\nrhvm-branding-rhv-4.4.5-1.el8ev.noarch.rpm\nrhvm-dependencies-4.4.1-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.5.5-1.el8ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8203\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/cve/CVE-2020-14333\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX2t0HtzjgjWX9erEAQhpWg/+KolNmhmQCrst8TmYsC2IgSdHP+q0LKLj\ngdPZYu0ixOpwLLiAhrsoDXqL3H3w7UDSKkSISgPMEqEde4Vp+zI37O1q3E/P7CAj\nrfLGuL1UDEiy0q0g1BP13GrPlg6K4fR5wQAnTB6vD/ZY+wd50Z0T+NGAxd2w68bM\nR5q1kSOUPc4AZt25FORU2cmp775Y7DWazMWHC77uiJHgyCwVqLtdO09iEnglZDKJ\nBynwyT8exZKXxmmpE4QZ4X7wNo3Y0mTiRZo5eyxxQpwj9X+qw1V+pBdtMH/C1yhk\nJ+X1f+wDoe2jCx2bqPXqp6EgFSHnJNt96jV0oTdD0f8rMgWcBDStNXdagPBmBCBp\nt+Kq3BZx0Oqkig4f+DCEmoS0V0fB9UQLg0Q/M9p1bTfYQkbn+BMHL7CAp8UyAzPH\nA1HlnP7TtQgplFvoap82xt2pXh97VvI6x3sBGHyW4Fz0SykhRYx3dAgmqy5nEssl\n5ApWZ87M3l+2tUh4ZOJAtzRDt9sL5KQsXjp1jZaK/gWBsL4Suzr9AIrs4NmRmXnY\nTzxdXgIY6C+dWmB4TPhcJE5etcvtorqvs93d47yBdpRyO/IlbEw0vLUBdVZZuj9N\nmqp6RcHqDKm6Yv4B73Ud5my44wSRWVWtBxO6fivQOQG7iqCyIlA3M3LUMkVy+fxc\nbvmOI0eIsZw=Jhpi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nPROJQUAY-1417 - zstd compressed layers\nPROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay\nPROJQUAY-1535 - As a user I can create and use nested repository name structures\nPROJQUAY-1583 - add \"disconnected\" annotation to operators\nPROJQUAY-1609 - Operator communicates status per managed component\nPROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment\nPROJQUAY-1791 - v1beta CRD EOL\nPROJQUAY-1883 - Support OCP Re-encrypt routes\nPROJQUAY-1887 - allow either sha or tag in related images\nPROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. \nPROJQUAY-1998 - note database deprecations in 3.6 Config Tool\nPROJQUAY-2050 - Support OCP Edge-Termination\nPROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly\nPROJQUAY-2102 - add clair-4.2 enrichment data to quay UI\nPROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2020-8203" }, { "db": "JVNDB", "id": "JVNDB-2020-008656" }, { "db": "VULHUB", "id": "VHN-186328" }, { "db": "VULMON", "id": "CVE-2020-8203" }, { "db": "PACKETSTORM", "id": "160589" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "160209" }, { "db": "PACKETSTORM", "id": "158797" }, { "db": "PACKETSTORM", "id": "158796" }, { "db": "PACKETSTORM", "id": "159275" }, { "db": "PACKETSTORM", "id": "164555" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-8203", "trust": 3.3 }, { "db": "HACKERONE", "id": "712065", "trust": 1.8 }, { "db": "PACKETSTORM", "id": "158797", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "160589", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "160209", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159275", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008656", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202007-1043", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164555", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021072725", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072145", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022041931", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042310", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4460", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2715", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3700", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3255", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.3143", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3472", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5150", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4180", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5790", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158796", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-186328", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-8203", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159727", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-186328" }, { "db": "VULMON", "id": "CVE-2020-8203" }, { "db": "JVNDB", "id": "JVNDB-2020-008656" }, { "db": "PACKETSTORM", "id": "160589" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "160209" }, { "db": "PACKETSTORM", "id": "158797" }, { "db": "PACKETSTORM", "id": "158796" }, { "db": "PACKETSTORM", "id": "159275" }, { "db": "PACKETSTORM", "id": "164555" }, { "db": "CNNVD", "id": "CNNVD-202007-1043" }, { "db": "NVD", "id": "CVE-2020-8203" } ] }, "id": "VAR-202007-1448", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-186328" } ], "trust": 0.01 }, "last_update_date": "2024-01-21T21:15:51.312000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2020-8203 is not modified in /.internal/baseSet.js #4874", "trust": 0.8, "url": "https://github.com/lodash/lodash/issues/4874" }, { "title": "lodash Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=124909" }, { "title": "Debian CVElist Bug Report Logs: node-lodash: CVE-2020-8203", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e2a3a37cadf3658ad136a09d0edc4403" }, { "title": "Red Hat: Important: Red Hat Virtualization security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205611 - security advisory" }, { "title": "Red Hat: Low: Red Hat Virtualization security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205179 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203807 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203369 - security advisory" }, { "title": "IBM: Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data \u2013 Node.js (CVE-2020-8203)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0d7ed837a314c7bb63d61727a6cea7fa" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204298 - security advisory" }, { "title": "node-elm-compiler", "trust": 0.1, "url": "https://github.com/rtfeldman/node-elm-compiler " }, { "title": "CloudGuard-ShiftLeft-CICD", "trust": 0.1, "url": "https://github.com/chkp-dhouari/cloudguard-shiftleft-cicd " }, { "title": "CloudGuard-ShiftLeft-CICD-mams", "trust": 0.1, "url": "https://github.com/mamadoudemb/cloudguard-shiftleft-cicd-mams " }, { "title": "shiftleft-cicd-demo", "trust": 0.1, "url": "https://github.com/ecarbon277/shiftleft-cicd-demo " }, { "title": "", "trust": 0.1, "url": "https://github.com/p3sky/cloudguard-shifleft-cicd " }, { "title": "shiftleftv3", "trust": 0.1, "url": "https://github.com/puryersc/shiftleftv3 " }, { "title": "shiftleftv2", "trust": 0.1, "url": "https://github.com/puryersc/shiftleftv2 " }, { "title": "shiftleftv4", "trust": 0.1, "url": "https://github.com/puryersc/shiftleftv4 " }, { "title": "Web-CTF-Cheatsheet", "trust": 0.1, "url": "https://github.com/duckstroms/web-ctf-cheatsheet " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-8203" }, { "db": "JVNDB", "id": "JVNDB-2020-008656" }, { "db": "CNNVD", "id": "CNNVD-202007-1043" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1321", "trust": 1.0 }, { "problemtype": "CWE-770", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-186328" }, { "db": "JVNDB", "id": "JVNDB-2020-008656" }, { "db": "NVD", "id": "CVE-2020-8203" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8203" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200724-0006/" }, { "trust": 1.8, "url": "https://github.com/lodash/lodash/issues/4874" }, { "trust": 1.8, "url": "https://hackerone.com/reports/712065" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8203" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-node-js-cve-2020-8203/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-8203" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4460/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.3143" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072145" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164555/red-hat-security-advisory-2021-3917-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022041931" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3472" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158797/red-hat-security-advisory-2020-3369-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159275/red-hat-security-advisory-2020-3807-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160589/red-hat-security-advisory-2020-5611-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-javascript-affects-ibm-license-metric-tool-v9-cve-2020-8203/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-oss-security-scan-issues-for-concerto-installer/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-oss-scan-fixes-for-content-pos/" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042310" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/160209/red-hat-security-advisory-2020-5179-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3700/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4180/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5150" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072725" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5790" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2715/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/node-js-lodash-privilege-escalation-via-prototype-pollution-33309" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3255/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/2974891" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-11023" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-9283" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-15366" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14040" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-11022" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20922" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20920" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20922" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-20920" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9283" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/1321.html" }, { "trust": 0.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283" }, { "trust": 0.1, "url": "https://github.com/rtfeldman/node-elm-compiler" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-8011" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8011" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5611" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8768" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8535" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10743" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19126" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1712" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8518" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12448" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8611" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8676" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17451" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20060" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7150" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1547" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7664" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8607" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12052" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5482" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8690" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13752" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8601" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3822" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11324" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7146" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1010204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8524" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10739" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16890" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5481" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8536" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8686" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8671" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8544" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12049" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8571" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19519" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2013-0169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8677" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5436" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-18624" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8595" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13753" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11459" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8679" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12795" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20657" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5094" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14336" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8619" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4298" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8622" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1010180" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7598" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8681" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3825" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-18074" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6237" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6706" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8559" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8687" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13822" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19923" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16769" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8672" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8608" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7662" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8615" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7665" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8666" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8457" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8689" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15847" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14498" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8735" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11236" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19924" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12245" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14404" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8726" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8596" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8696" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8610" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18408" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13636" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11070" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7149" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16056" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20337" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11110" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8584" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19959" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8675" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8563" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13232" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10715" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8609" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8587" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-18751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8583" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-9251" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11008" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8597" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:5179" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12666" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3369" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12666" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.5/jaeger/jaeger_install/rhb" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3370" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3807" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14333" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14333" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27922" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1109" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7608" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26237" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-21270" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22924" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25292" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25289" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25648" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3728" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-34552" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35653" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35654" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3721" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23368" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1107" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3774" }, { "trust": 0.1, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7608" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16137" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21270" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23382" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26291" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15366" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25291" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27921" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3774" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1010266" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35654" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22922" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27923" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25290" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22923" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23364" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010266" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1107" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3917" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26291" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35653" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23382" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-16138" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3721" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27516" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16138" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-16137" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23364" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23368" } ], "sources": [ { "db": "VULHUB", "id": "VHN-186328" }, { "db": "VULMON", "id": "CVE-2020-8203" }, { "db": "JVNDB", "id": "JVNDB-2020-008656" }, { "db": "PACKETSTORM", "id": "160589" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "160209" }, { "db": "PACKETSTORM", "id": "158797" }, { "db": "PACKETSTORM", "id": "158796" }, { "db": "PACKETSTORM", "id": "159275" }, { "db": "PACKETSTORM", "id": "164555" }, { "db": "CNNVD", "id": "CNNVD-202007-1043" }, { "db": "NVD", "id": "CVE-2020-8203" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-186328" }, { "db": "VULMON", "id": "CVE-2020-8203" }, { "db": "JVNDB", "id": "JVNDB-2020-008656" }, { "db": "PACKETSTORM", "id": "160589" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "160209" }, { "db": "PACKETSTORM", "id": "158797" }, { "db": "PACKETSTORM", "id": "158796" }, { "db": "PACKETSTORM", "id": "159275" }, { "db": "PACKETSTORM", "id": "164555" }, { "db": "CNNVD", "id": "CNNVD-202007-1043" }, { "db": "NVD", "id": "CVE-2020-8203" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-186328" }, { "date": "2020-07-15T00:00:00", "db": "VULMON", "id": "CVE-2020-8203" }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008656" }, { "date": "2020-12-17T17:36:24", "db": "PACKETSTORM", "id": "160589" }, { "date": "2020-10-27T16:59:02", "db": "PACKETSTORM", "id": "159727" }, { "date": "2020-11-24T15:30:15", "db": "PACKETSTORM", "id": "160209" }, { "date": "2020-08-07T18:27:30", "db": "PACKETSTORM", "id": "158797" }, { "date": "2020-08-07T18:27:14", "db": "PACKETSTORM", "id": "158796" }, { "date": "2020-09-24T00:30:36", "db": "PACKETSTORM", "id": "159275" }, { "date": "2021-10-19T15:32:20", "db": "PACKETSTORM", "id": "164555" }, { "date": "2020-07-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1043" }, { "date": "2020-07-15T17:15:11.797000", "db": "NVD", "id": "CVE-2020-8203" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-12T00:00:00", "db": "VULHUB", "id": "VHN-186328" }, { "date": "2022-05-12T00:00:00", "db": "VULMON", "id": "CVE-2020-8203" }, { "date": "2020-09-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008656" }, { "date": "2023-06-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1043" }, { "date": "2024-01-21T02:37:13.193000", "db": "NVD", "id": "CVE-2020-8203" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1043" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lodash Vulnerability in resource allocation without restrictions or throttling in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008656" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1043" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.