var-202104-1841
Vulnerability from variot
An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. macOS There is an input validation vulnerability in.Information may be obtained. SUSE Linux Enterprise Desktop is an enterprise server version of Linux desktop operating system of German SUSE company. There is a security vulnerability in SUSE Linux Enterprise Desktop. Attackers can use this vulnerability to forcibly read invalid addresses through the Extension field of CUPS to trigger denial of service or obtain sensitive information. A security issue was found in cups before version 2.3.3op2. A missing length check in the ippReadIO function could lead to a buffer over-read. Bugs fixed (https://bugzilla.redhat.com/):
2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2021:4393-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4393 Issue date: 2021-11-09 CVE Names: CVE-2020-10001 ==================================================================== 1. Summary:
An update for cups is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.
Security Fix(es):
- cups: access to uninitialized buffer in ipp.c (CVE-2020-10001)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the cupsd service will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1782216 - Print queue is paused after ipp backend ends with CUPS_BACKEND_STOP 1921680 - CVE-2020-10001 cups: access to uninitialized buffer in ipp.c 1938384 - CUPS doesn't start if sssd starts after cupsd 1941437 - cupsd doesn't log job ids when logging into journal 1955964 - PreserveJobHistory doesn't work with seconds
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64: cups-2.2.6-40.el8.aarch64.rpm cups-client-2.2.6-40.el8.aarch64.rpm cups-client-debuginfo-2.2.6-40.el8.aarch64.rpm cups-debuginfo-2.2.6-40.el8.aarch64.rpm cups-debugsource-2.2.6-40.el8.aarch64.rpm cups-devel-2.2.6-40.el8.aarch64.rpm cups-ipptool-2.2.6-40.el8.aarch64.rpm cups-ipptool-debuginfo-2.2.6-40.el8.aarch64.rpm cups-libs-debuginfo-2.2.6-40.el8.aarch64.rpm cups-lpd-2.2.6-40.el8.aarch64.rpm cups-lpd-debuginfo-2.2.6-40.el8.aarch64.rpm
noarch: cups-filesystem-2.2.6-40.el8.noarch.rpm
ppc64le: cups-2.2.6-40.el8.ppc64le.rpm cups-client-2.2.6-40.el8.ppc64le.rpm cups-client-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-debugsource-2.2.6-40.el8.ppc64le.rpm cups-devel-2.2.6-40.el8.ppc64le.rpm cups-ipptool-2.2.6-40.el8.ppc64le.rpm cups-ipptool-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-libs-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-lpd-2.2.6-40.el8.ppc64le.rpm cups-lpd-debuginfo-2.2.6-40.el8.ppc64le.rpm
s390x: cups-2.2.6-40.el8.s390x.rpm cups-client-2.2.6-40.el8.s390x.rpm cups-client-debuginfo-2.2.6-40.el8.s390x.rpm cups-debuginfo-2.2.6-40.el8.s390x.rpm cups-debugsource-2.2.6-40.el8.s390x.rpm cups-devel-2.2.6-40.el8.s390x.rpm cups-ipptool-2.2.6-40.el8.s390x.rpm cups-ipptool-debuginfo-2.2.6-40.el8.s390x.rpm cups-libs-debuginfo-2.2.6-40.el8.s390x.rpm cups-lpd-2.2.6-40.el8.s390x.rpm cups-lpd-debuginfo-2.2.6-40.el8.s390x.rpm
x86_64: cups-2.2.6-40.el8.x86_64.rpm cups-client-2.2.6-40.el8.x86_64.rpm cups-client-debuginfo-2.2.6-40.el8.i686.rpm cups-client-debuginfo-2.2.6-40.el8.x86_64.rpm cups-debuginfo-2.2.6-40.el8.i686.rpm cups-debuginfo-2.2.6-40.el8.x86_64.rpm cups-debugsource-2.2.6-40.el8.i686.rpm cups-debugsource-2.2.6-40.el8.x86_64.rpm cups-devel-2.2.6-40.el8.i686.rpm cups-devel-2.2.6-40.el8.x86_64.rpm cups-ipptool-2.2.6-40.el8.x86_64.rpm cups-ipptool-debuginfo-2.2.6-40.el8.i686.rpm cups-ipptool-debuginfo-2.2.6-40.el8.x86_64.rpm cups-libs-debuginfo-2.2.6-40.el8.i686.rpm cups-libs-debuginfo-2.2.6-40.el8.x86_64.rpm cups-lpd-2.2.6-40.el8.x86_64.rpm cups-lpd-debuginfo-2.2.6-40.el8.i686.rpm cups-lpd-debuginfo-2.2.6-40.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: cups-2.2.6-40.el8.src.rpm
aarch64: cups-client-debuginfo-2.2.6-40.el8.aarch64.rpm cups-debuginfo-2.2.6-40.el8.aarch64.rpm cups-debugsource-2.2.6-40.el8.aarch64.rpm cups-ipptool-debuginfo-2.2.6-40.el8.aarch64.rpm cups-libs-2.2.6-40.el8.aarch64.rpm cups-libs-debuginfo-2.2.6-40.el8.aarch64.rpm cups-lpd-debuginfo-2.2.6-40.el8.aarch64.rpm
ppc64le: cups-client-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-debugsource-2.2.6-40.el8.ppc64le.rpm cups-ipptool-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-libs-2.2.6-40.el8.ppc64le.rpm cups-libs-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-lpd-debuginfo-2.2.6-40.el8.ppc64le.rpm
s390x: cups-client-debuginfo-2.2.6-40.el8.s390x.rpm cups-debuginfo-2.2.6-40.el8.s390x.rpm cups-debugsource-2.2.6-40.el8.s390x.rpm cups-ipptool-debuginfo-2.2.6-40.el8.s390x.rpm cups-libs-2.2.6-40.el8.s390x.rpm cups-libs-debuginfo-2.2.6-40.el8.s390x.rpm cups-lpd-debuginfo-2.2.6-40.el8.s390x.rpm
x86_64: cups-client-debuginfo-2.2.6-40.el8.i686.rpm cups-client-debuginfo-2.2.6-40.el8.x86_64.rpm cups-debuginfo-2.2.6-40.el8.i686.rpm cups-debuginfo-2.2.6-40.el8.x86_64.rpm cups-debugsource-2.2.6-40.el8.i686.rpm cups-debugsource-2.2.6-40.el8.x86_64.rpm cups-ipptool-debuginfo-2.2.6-40.el8.i686.rpm cups-ipptool-debuginfo-2.2.6-40.el8.x86_64.rpm cups-libs-2.2.6-40.el8.i686.rpm cups-libs-2.2.6-40.el8.x86_64.rpm cups-libs-debuginfo-2.2.6-40.el8.i686.rpm cups-libs-debuginfo-2.2.6-40.el8.x86_64.rpm cups-lpd-debuginfo-2.2.6-40.el8.i686.rpm cups-lpd-debuginfo-2.2.6-40.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-10001 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYrdptzjgjWX9erEAQifnA//fTvcvlIMMRvl8mpYAZuZ9Tv8ZLKYT62j LfH/kVsjq5mJDCPUErwq7XgWN0RfhXaV7dPvB/FbCR1Vh4xtrQEev9JsOkP4g/3z WeuNvlfEtgNcSTSeVJEgIDPi1Dqr4PfNfcy81PWzU0T9K2i17BAIlqVcE7N8Zq71 azP5IT5M7xZU21PbqnDy5ULgb5CVtexslxemufa7kkeRDTl8FjeSq7nWXV4DWAjP 2W9/wzHfGgXtMn4wp/64knWPFROocKiwhj69YTGgPecvdvWHnIkZ9cwWSpAT0LIj SIxRTZoGyusouZZV8gchVS9qtsl4VP1B15QF2C1FK8kiJfEaxeJVH9Kf89QLsX8s ZtVMW4WlqWyBI0kmCL4Yz/bxkBnQuhzgbb+tO4347gpaXpW6zwTu8qp2iYBYHFyX EQFaxYTXaV9kxHgkDNqnw5m5Fi+Q/hz7sZcX8485BbDeqbqqVdi2QdvCsCtPcIgj GTp0dTOwoJc/3o35e6cv4uNdQcqxfgfTBhhkqWOS4jzDRNQL5MOrTKql3D/NJSA3 jb/RahyZkSGxYKTwae4qZKEixeL4hNyU+hYZHUYKb4VxAsn9Y9iOGO43u+LLw4Rp 1e/HKPV+cv741Ph4POP8cgrCe2FZNO4sRU4Ac6bL2uPPDZBhYyQYaHEsB9dFSEzc SCmYx2xwC+4=1Pv7 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Solution:
For details on how to install and use MTC, refer to:
https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html
- Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
- Solution:
For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html
For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html
- Bugs fixed (https://bugzilla.redhat.com/):
1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1168 - Disable hostname verification in syslog TLS settings
LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd
LOG-1375 - ssl_ca_cert should be optional
LOG-1378 - CLO should support sasl_plaintext(Password over http)
LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate
LOG-1494 - Syslog output is serializing json incorrectly
LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server
LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing
LOG-1735 - Regression introducing flush_at_shutdown
LOG-1774 - The collector logs should be excluded in fluent.conf
LOG-1776 - fluentd total_limit_size sets value beyond available space
LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance
LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled
LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL
LOG-1903 - Fix the Display of ClusterLogging type in OLM
LOG-1911 - CLF API changes to Opt-in to multiline error detection
LOG-1918 - Alert FluentdNodeDown
always firing
LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding
6
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202104-1841", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "11.1.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "apple mac os x", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-017322" }, { "db": "NVD", "id": "CVE-2020-10001" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10001" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "165296" }, { "db": "PACKETSTORM", "id": "164849" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "164967" } ], "trust": 0.4 }, "cve": "CVE-2020-10001", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-10001", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-162436", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-10001", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10001", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202102-206", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-162436", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-162436" }, { "db": "JVNDB", "id": "JVNDB-2020-017322" }, { "db": "NVD", "id": "CVE-2020-10001" }, { "db": "CNNVD", "id": "CNNVD-202102-206" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. macOS There is an input validation vulnerability in.Information may be obtained. SUSE Linux Enterprise Desktop is an enterprise server version of Linux desktop operating system of German SUSE company. There is a security vulnerability in SUSE Linux Enterprise Desktop. Attackers can use this vulnerability to forcibly read invalid addresses through the Extension field of CUPS to trigger denial of service or obtain sensitive information. A security issue was found in cups before version 2.3.3op2. A missing length check in the ippReadIO function could lead to a buffer over-read. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: cups security and bug fix update\nAdvisory ID: RHSA-2021:4393-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4393\nIssue date: 2021-11-09\nCVE Names: CVE-2020-10001\n====================================================================\n1. Summary:\n\nAn update for cups is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor Linux, UNIX, and similar operating systems. \n\nSecurity Fix(es):\n\n* cups: access to uninitialized buffer in ipp.c (CVE-2020-10001)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the cupsd service will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1782216 - Print queue is paused after ipp backend ends with CUPS_BACKEND_STOP\n1921680 - CVE-2020-10001 cups: access to uninitialized buffer in ipp.c\n1938384 - CUPS doesn\u0027t start if sssd starts after cupsd\n1941437 - cupsd doesn\u0027t log job ids when logging into journal\n1955964 - PreserveJobHistory doesn\u0027t work with seconds\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\ncups-2.2.6-40.el8.aarch64.rpm\ncups-client-2.2.6-40.el8.aarch64.rpm\ncups-client-debuginfo-2.2.6-40.el8.aarch64.rpm\ncups-debuginfo-2.2.6-40.el8.aarch64.rpm\ncups-debugsource-2.2.6-40.el8.aarch64.rpm\ncups-devel-2.2.6-40.el8.aarch64.rpm\ncups-ipptool-2.2.6-40.el8.aarch64.rpm\ncups-ipptool-debuginfo-2.2.6-40.el8.aarch64.rpm\ncups-libs-debuginfo-2.2.6-40.el8.aarch64.rpm\ncups-lpd-2.2.6-40.el8.aarch64.rpm\ncups-lpd-debuginfo-2.2.6-40.el8.aarch64.rpm\n\nnoarch:\ncups-filesystem-2.2.6-40.el8.noarch.rpm\n\nppc64le:\ncups-2.2.6-40.el8.ppc64le.rpm\ncups-client-2.2.6-40.el8.ppc64le.rpm\ncups-client-debuginfo-2.2.6-40.el8.ppc64le.rpm\ncups-debuginfo-2.2.6-40.el8.ppc64le.rpm\ncups-debugsource-2.2.6-40.el8.ppc64le.rpm\ncups-devel-2.2.6-40.el8.ppc64le.rpm\ncups-ipptool-2.2.6-40.el8.ppc64le.rpm\ncups-ipptool-debuginfo-2.2.6-40.el8.ppc64le.rpm\ncups-libs-debuginfo-2.2.6-40.el8.ppc64le.rpm\ncups-lpd-2.2.6-40.el8.ppc64le.rpm\ncups-lpd-debuginfo-2.2.6-40.el8.ppc64le.rpm\n\ns390x:\ncups-2.2.6-40.el8.s390x.rpm\ncups-client-2.2.6-40.el8.s390x.rpm\ncups-client-debuginfo-2.2.6-40.el8.s390x.rpm\ncups-debuginfo-2.2.6-40.el8.s390x.rpm\ncups-debugsource-2.2.6-40.el8.s390x.rpm\ncups-devel-2.2.6-40.el8.s390x.rpm\ncups-ipptool-2.2.6-40.el8.s390x.rpm\ncups-ipptool-debuginfo-2.2.6-40.el8.s390x.rpm\ncups-libs-debuginfo-2.2.6-40.el8.s390x.rpm\ncups-lpd-2.2.6-40.el8.s390x.rpm\ncups-lpd-debuginfo-2.2.6-40.el8.s390x.rpm\n\nx86_64:\ncups-2.2.6-40.el8.x86_64.rpm\ncups-client-2.2.6-40.el8.x86_64.rpm\ncups-client-debuginfo-2.2.6-40.el8.i686.rpm\ncups-client-debuginfo-2.2.6-40.el8.x86_64.rpm\ncups-debuginfo-2.2.6-40.el8.i686.rpm\ncups-debuginfo-2.2.6-40.el8.x86_64.rpm\ncups-debugsource-2.2.6-40.el8.i686.rpm\ncups-debugsource-2.2.6-40.el8.x86_64.rpm\ncups-devel-2.2.6-40.el8.i686.rpm\ncups-devel-2.2.6-40.el8.x86_64.rpm\ncups-ipptool-2.2.6-40.el8.x86_64.rpm\ncups-ipptool-debuginfo-2.2.6-40.el8.i686.rpm\ncups-ipptool-debuginfo-2.2.6-40.el8.x86_64.rpm\ncups-libs-debuginfo-2.2.6-40.el8.i686.rpm\ncups-libs-debuginfo-2.2.6-40.el8.x86_64.rpm\ncups-lpd-2.2.6-40.el8.x86_64.rpm\ncups-lpd-debuginfo-2.2.6-40.el8.i686.rpm\ncups-lpd-debuginfo-2.2.6-40.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncups-2.2.6-40.el8.src.rpm\n\naarch64:\ncups-client-debuginfo-2.2.6-40.el8.aarch64.rpm\ncups-debuginfo-2.2.6-40.el8.aarch64.rpm\ncups-debugsource-2.2.6-40.el8.aarch64.rpm\ncups-ipptool-debuginfo-2.2.6-40.el8.aarch64.rpm\ncups-libs-2.2.6-40.el8.aarch64.rpm\ncups-libs-debuginfo-2.2.6-40.el8.aarch64.rpm\ncups-lpd-debuginfo-2.2.6-40.el8.aarch64.rpm\n\nppc64le:\ncups-client-debuginfo-2.2.6-40.el8.ppc64le.rpm\ncups-debuginfo-2.2.6-40.el8.ppc64le.rpm\ncups-debugsource-2.2.6-40.el8.ppc64le.rpm\ncups-ipptool-debuginfo-2.2.6-40.el8.ppc64le.rpm\ncups-libs-2.2.6-40.el8.ppc64le.rpm\ncups-libs-debuginfo-2.2.6-40.el8.ppc64le.rpm\ncups-lpd-debuginfo-2.2.6-40.el8.ppc64le.rpm\n\ns390x:\ncups-client-debuginfo-2.2.6-40.el8.s390x.rpm\ncups-debuginfo-2.2.6-40.el8.s390x.rpm\ncups-debugsource-2.2.6-40.el8.s390x.rpm\ncups-ipptool-debuginfo-2.2.6-40.el8.s390x.rpm\ncups-libs-2.2.6-40.el8.s390x.rpm\ncups-libs-debuginfo-2.2.6-40.el8.s390x.rpm\ncups-lpd-debuginfo-2.2.6-40.el8.s390x.rpm\n\nx86_64:\ncups-client-debuginfo-2.2.6-40.el8.i686.rpm\ncups-client-debuginfo-2.2.6-40.el8.x86_64.rpm\ncups-debuginfo-2.2.6-40.el8.i686.rpm\ncups-debuginfo-2.2.6-40.el8.x86_64.rpm\ncups-debugsource-2.2.6-40.el8.i686.rpm\ncups-debugsource-2.2.6-40.el8.x86_64.rpm\ncups-ipptool-debuginfo-2.2.6-40.el8.i686.rpm\ncups-ipptool-debuginfo-2.2.6-40.el8.x86_64.rpm\ncups-libs-2.2.6-40.el8.i686.rpm\ncups-libs-2.2.6-40.el8.x86_64.rpm\ncups-libs-debuginfo-2.2.6-40.el8.i686.rpm\ncups-libs-debuginfo-2.2.6-40.el8.x86_64.rpm\ncups-lpd-debuginfo-2.2.6-40.el8.i686.rpm\ncups-lpd-debuginfo-2.2.6-40.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10001\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYrdptzjgjWX9erEAQifnA//fTvcvlIMMRvl8mpYAZuZ9Tv8ZLKYT62j\nLfH/kVsjq5mJDCPUErwq7XgWN0RfhXaV7dPvB/FbCR1Vh4xtrQEev9JsOkP4g/3z\nWeuNvlfEtgNcSTSeVJEgIDPi1Dqr4PfNfcy81PWzU0T9K2i17BAIlqVcE7N8Zq71\nazP5IT5M7xZU21PbqnDy5ULgb5CVtexslxemufa7kkeRDTl8FjeSq7nWXV4DWAjP\n2W9/wzHfGgXtMn4wp/64knWPFROocKiwhj69YTGgPecvdvWHnIkZ9cwWSpAT0LIj\nSIxRTZoGyusouZZV8gchVS9qtsl4VP1B15QF2C1FK8kiJfEaxeJVH9Kf89QLsX8s\nZtVMW4WlqWyBI0kmCL4Yz/bxkBnQuhzgbb+tO4347gpaXpW6zwTu8qp2iYBYHFyX\nEQFaxYTXaV9kxHgkDNqnw5m5Fi+Q/hz7sZcX8485BbDeqbqqVdi2QdvCsCtPcIgj\nGTp0dTOwoJc/3o35e6cv4uNdQcqxfgfTBhhkqWOS4jzDRNQL5MOrTKql3D/NJSA3\njb/RahyZkSGxYKTwae4qZKEixeL4hNyU+hYZHUYKb4VxAsn9Y9iOGO43u+LLw4Rp\n1e/HKPV+cv741Ph4POP8cgrCe2FZNO4sRU4Ac6bL2uPPDZBhYyQYaHEsB9dFSEzc\nSCmYx2xwC+4=1Pv7\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2019088 - \"MigrationController\" CR displays syntax error when unquiescing applications\n2021666 - Route name longer than 63 characters causes direct volume migration to fail\n2021668 - \"MigrationController\" CR ignores the \"cluster_subdomain\" value for direct volume migration routes\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image\n2027196 - \"migration-controller\" pod goes into \"CrashLoopBackoff\" state if an invalid registry route is entered on the \"Clusters\" page of the web console\n2027382 - \"Copy oc describe/oc logs\" window does not close automatically after timeout\n2028841 - \"rsync-client\" container fails during direct volume migration with \"Address family not supported by protocol\" error\n2031793 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"includedResources\" resource\n2039852 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"destMigClusterRef\" or \"srcMigClusterRef\"\n\n5. Solution:\n\nFor OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1168 - Disable hostname verification in syslog TLS settings\nLOG-1235 - Using HTTPS without a secret does not translate into the correct \u0027scheme\u0027 value in Fluentd\nLOG-1375 - ssl_ca_cert should be optional\nLOG-1378 - CLO should support sasl_plaintext(Password over http)\nLOG-1392 - In fluentd config, flush_interval can\u0027t be set with flush_mode=immediate\nLOG-1494 - Syslog output is serializing json incorrectly\nLOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server\nLOG-1575 - Rejected by Elasticsearch and unexpected json-parsing\nLOG-1735 - Regression introducing flush_at_shutdown \nLOG-1774 - The collector logs should be excluded in fluent.conf\nLOG-1776 - fluentd total_limit_size sets value beyond available space\nLOG-1822 - OpenShift Alerting Rules Style-Guide Compliance\nLOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled\nLOG-1862 - Unsupported kafka parameters when enabled Kafka SASL\nLOG-1903 - Fix the Display of ClusterLogging type in OLM\nLOG-1911 - CLF API changes to Opt-in to multiline error detection\nLOG-1918 - Alert `FluentdNodeDown` always firing \nLOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2020-10001" }, { "db": "JVNDB", "id": "JVNDB-2020-017322" }, { "db": "VULHUB", "id": "VHN-162436" }, { "db": "VULMON", "id": "CVE-2020-10001" }, { "db": "PACKETSTORM", "id": "165296" }, { "db": "PACKETSTORM", "id": "164849" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "164967" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10001", "trust": 3.8 }, { "db": "PACKETSTORM", "id": "165296", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "164849", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "165631", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "164967", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95288122", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-017322", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202102-206", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3767", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.2675", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0393", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4254", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3905", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0245", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3624", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060108", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022053129", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-162436", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-10001", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-162436" }, { "db": "VULMON", "id": "CVE-2020-10001" }, { "db": "JVNDB", "id": "JVNDB-2020-017322" }, { "db": "PACKETSTORM", "id": "165296" }, { "db": "PACKETSTORM", "id": "164849" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "164967" }, { "db": "NVD", "id": "CVE-2020-10001" }, { "db": "CNNVD", "id": "CNNVD-202102-206" } ] }, "id": "VAR-202104-1841", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-162436" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:39:12.843000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT212011", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html" }, { "title": "SUSE Linux Enterprise Desktop Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140705" }, { "title": "Arch Linux Advisories: [ASA-202102-13] cups: information disclosure", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202102-13" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-10001 log" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-10001" }, { "db": "JVNDB", "id": "JVNDB-2020-017322" }, { "db": "CNNVD", "id": "CNNVD-202102-206" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 }, { "problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-162436" }, { "db": "JVNDB", "id": "JVNDB-2020-017322" }, { "db": "NVD", "id": "CVE-2020-10001" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001" }, { "trust": 1.7, "url": "https://support.apple.com/en-us/ht212011" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95288122/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0245" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3624" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3767" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3905" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060108" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165296/red-hat-security-advisory-2021-5137-03.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0393" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165631/red-hat-security-advisory-2022-0202-04.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164849/red-hat-security-advisory-2021-4393-03.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4254" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/cups-out-of-bounds-memory-reading-via-extension-field-34465" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.2675" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164967/red-hat-security-advisory-2021-4627-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022053129" }, { "trust": 0.4, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-10001" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3200" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25013" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35522" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35524" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-27645" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-33574" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-13435" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-5827" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-24370" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14145" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-13751" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25014" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-19603" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25012" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35521" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-35942" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17594" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3572" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-12762" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-36086" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3778" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22898" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-16135" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-36084" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-17541" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3800" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-36087" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-36331" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-31535" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3445" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22925" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-36330" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-20232" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-20266" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20838" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22876" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-20231" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-36332" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-14155" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-36085" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-33560" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-17595" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3481" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-42574" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25009" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25010" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35523" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-28153" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-13750" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3426" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-18218" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3580" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3796" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24504" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-27777" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20239" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36158" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35448" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3635" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20284" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36386" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24586" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3348" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26140" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3487" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26146" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-31440" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3732" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-0129" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-43527" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24502" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3564" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-0427" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-23133" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26144" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3679" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36312" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29368" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24588" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-29646" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-29155" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3489" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29660" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3712" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26139" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-28971" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-23841" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14615" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26143" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3600" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26145" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-20673" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-23840" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-33200" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-29650" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-33033" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20194" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26147" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-31916" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24503" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24502" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-31829" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3573" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20197" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26141" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-28950" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24587" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24503" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3659" }, { "trust": 0.1, "url": "https://security.archlinux.org/asa-202102-13" }, { "trust": 0.1, "url": "https://security.archlinux.org/cve-2020-10001" }, { "trust": 0.1, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-44228" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5137" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4393" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3733" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1870" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3575" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30758" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15389" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33938" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-5727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33929" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-41617" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30665" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30689" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30682" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33928" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22946" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-18032" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1801" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33930" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1765" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26927" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20847" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30795" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-5785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30744" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21775" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27814" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36241" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20321" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21779" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20271" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3948" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22947" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27828" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1871" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29338" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30734" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26926" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28650" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24870" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1789" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30663" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3272" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0202" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27824" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33194" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4627" } ], "sources": [ { "db": "VULHUB", "id": "VHN-162436" }, { "db": "VULMON", "id": "CVE-2020-10001" }, { "db": "JVNDB", "id": "JVNDB-2020-017322" }, { "db": "PACKETSTORM", "id": "165296" }, { "db": "PACKETSTORM", "id": "164849" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "164967" }, { "db": "NVD", "id": "CVE-2020-10001" }, { "db": "CNNVD", "id": "CNNVD-202102-206" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-162436" }, { "db": "VULMON", "id": "CVE-2020-10001" }, { "db": "JVNDB", "id": "JVNDB-2020-017322" }, { "db": "PACKETSTORM", "id": "165296" }, { "db": "PACKETSTORM", "id": "164849" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "164967" }, { "db": "NVD", "id": "CVE-2020-10001" }, { "db": "CNNVD", "id": "CNNVD-202102-206" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-02T00:00:00", "db": "VULHUB", "id": "VHN-162436" }, { "date": "2021-04-02T00:00:00", "db": "VULMON", "id": "CVE-2020-10001" }, { "date": "2022-09-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-017322" }, { "date": "2021-12-15T15:27:05", "db": "PACKETSTORM", "id": "165296" }, { "date": "2021-11-10T17:06:37", "db": "PACKETSTORM", "id": "164849" }, { "date": "2022-01-20T17:48:29", "db": "PACKETSTORM", "id": "165631" }, { "date": "2021-11-15T17:25:56", "db": "PACKETSTORM", "id": "164967" }, { "date": "2021-04-02T18:15:14.357000", "db": "NVD", "id": "CVE-2020-10001" }, { "date": "2021-02-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-206" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-30T00:00:00", "db": "VULHUB", "id": "VHN-162436" }, { "date": "2021-04-07T00:00:00", "db": "VULMON", "id": "CVE-2020-10001" }, { "date": "2022-09-07T08:02:00", "db": "JVNDB", "id": "JVNDB-2020-017322" }, { "date": "2021-11-30T21:49:17.823000", "db": "NVD", "id": "CVE-2020-10001" }, { "date": "2022-06-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-206" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-206" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "macOS\u00a0 Input verification vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-017322" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-206" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.