var-202003-1125
Vulnerability from variot
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. systemd is vulnerable to the use of freed memory. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Systemd is a Linux-based system and service manager from the German software developer Lennart Poettering. This product is compatible with SysV and LSB startup scripts, and provides a framework for expressing dependencies between system services.
Systemd has a resource management error vulnerability, which originates from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No vulnerability details are provided at this time. (CVE-2018-16888).
Bug Fix(es):
- systemd: systemctl reload command breaks ordering dependencies between units (BZ#1781712)
====================================================================
Red Hat Security Advisory
Synopsis: Important: systemd security update
Advisory ID: RHSA-2020:0564-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0564
Issue date: 2020-02-20
CVE Names: CVE-2020-1712
====================================================================
1. Summary:
An update for systemd is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64
- It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.
Security Fix(es):
- systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux BaseOS E4S (v. 8.0):
Source: systemd-239-13.el8_0.7.src.rpm
aarch64: systemd-239-13.el8_0.7.aarch64.rpm systemd-container-239-13.el8_0.7.aarch64.rpm systemd-container-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-debugsource-239-13.el8_0.7.aarch64.rpm systemd-devel-239-13.el8_0.7.aarch64.rpm systemd-journal-remote-239-13.el8_0.7.aarch64.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-libs-239-13.el8_0.7.aarch64.rpm systemd-libs-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-pam-239-13.el8_0.7.aarch64.rpm systemd-pam-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-tests-239-13.el8_0.7.aarch64.rpm systemd-tests-debuginfo-239-13.el8_0.7.aarch64.rpm systemd-udev-239-13.el8_0.7.aarch64.rpm systemd-udev-debuginfo-239-13.el8_0.7.aarch64.rpm
ppc64le: systemd-239-13.el8_0.7.ppc64le.rpm systemd-container-239-13.el8_0.7.ppc64le.rpm systemd-container-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-debugsource-239-13.el8_0.7.ppc64le.rpm systemd-devel-239-13.el8_0.7.ppc64le.rpm systemd-journal-remote-239-13.el8_0.7.ppc64le.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-libs-239-13.el8_0.7.ppc64le.rpm systemd-libs-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-pam-239-13.el8_0.7.ppc64le.rpm systemd-pam-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-tests-239-13.el8_0.7.ppc64le.rpm systemd-tests-debuginfo-239-13.el8_0.7.ppc64le.rpm systemd-udev-239-13.el8_0.7.ppc64le.rpm systemd-udev-debuginfo-239-13.el8_0.7.ppc64le.rpm
s390x: systemd-239-13.el8_0.7.s390x.rpm systemd-container-239-13.el8_0.7.s390x.rpm systemd-container-debuginfo-239-13.el8_0.7.s390x.rpm systemd-debuginfo-239-13.el8_0.7.s390x.rpm systemd-debugsource-239-13.el8_0.7.s390x.rpm systemd-devel-239-13.el8_0.7.s390x.rpm systemd-journal-remote-239-13.el8_0.7.s390x.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.s390x.rpm systemd-libs-239-13.el8_0.7.s390x.rpm systemd-libs-debuginfo-239-13.el8_0.7.s390x.rpm systemd-pam-239-13.el8_0.7.s390x.rpm systemd-pam-debuginfo-239-13.el8_0.7.s390x.rpm systemd-tests-239-13.el8_0.7.s390x.rpm systemd-tests-debuginfo-239-13.el8_0.7.s390x.rpm systemd-udev-239-13.el8_0.7.s390x.rpm systemd-udev-debuginfo-239-13.el8_0.7.s390x.rpm
x86_64: systemd-239-13.el8_0.7.i686.rpm systemd-239-13.el8_0.7.x86_64.rpm systemd-container-239-13.el8_0.7.i686.rpm systemd-container-239-13.el8_0.7.x86_64.rpm systemd-container-debuginfo-239-13.el8_0.7.i686.rpm systemd-container-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-debuginfo-239-13.el8_0.7.i686.rpm systemd-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-debugsource-239-13.el8_0.7.i686.rpm systemd-debugsource-239-13.el8_0.7.x86_64.rpm systemd-devel-239-13.el8_0.7.i686.rpm systemd-devel-239-13.el8_0.7.x86_64.rpm systemd-journal-remote-239-13.el8_0.7.x86_64.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.i686.rpm systemd-journal-remote-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-libs-239-13.el8_0.7.i686.rpm systemd-libs-239-13.el8_0.7.x86_64.rpm systemd-libs-debuginfo-239-13.el8_0.7.i686.rpm systemd-libs-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-pam-239-13.el8_0.7.x86_64.rpm systemd-pam-debuginfo-239-13.el8_0.7.i686.rpm systemd-pam-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-tests-239-13.el8_0.7.x86_64.rpm systemd-tests-debuginfo-239-13.el8_0.7.i686.rpm systemd-tests-debuginfo-239-13.el8_0.7.x86_64.rpm systemd-udev-239-13.el8_0.7.x86_64.rpm systemd-udev-debuginfo-239-13.el8_0.7.i686.rpm systemd-udev-debuginfo-239-13.el8_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-1712
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
Security Fix(es):
- golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
- SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
- grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
- js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
- npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
- kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
- nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)
- npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
- nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
- jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
- jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
- grafana: stored XSS (CVE-2020-11110)
- grafana: XSS annotation popup vulnerability (CVE-2020-12052)
- grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
- nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
- golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
- nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
- openshift/console: text injection on error page via crafted url (CVE-2020-10715)
- kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
- openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.
Bugs fixed (https://bugzilla.redhat.com/):
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking
1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability
1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions
1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip
1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures
1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)
1850004 - CVE-2020-11023 jquery: Passing HTML containing
Gentoo Linux Security Advisory GLSA 202003-20
https://security.gentoo.org/
Severity: High
Title: systemd: Heap use-after-free
Date: March 15, 2020
Bugs: #708806
ID: 202003-20
Synopsis
A heap use-after-free flaw in systemd at worst might allow an attacker to execute arbitrary code.
Background
A system and service manager.
Workaround
There is no known workaround at this time.
Resolution
All systemd users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/systemd-244.3"
References
[ 1 ] CVE-2020-1712 https://nvd.nist.gov/vuln/detail/CVE-2020-1712
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Description:
Red Hat CodeReady Workspaces 2.1.0 provides a cloud developer-workspace server and a browser-based IDE built for teams and organizations. CodeReady Workspaces runs in OpenShift and is well-suited for container-based development.
Solution:
To start using CodeReady Workspaces, download and install it using the instructions provided in the Red Hat CodeReady Workspaces Installation Guide linked from the References section.
Bugs fixed (https://bugzilla.redhat.com/):
1816789 - CVE-2020-10689 che: pods in kubernetes cluster can bypass JWT proxy and send unauthenticated requests to workspace pods
- JIRA issues fixed (https://issues.jboss.org/):
CRW-402 - CRW 2.1 devfiles
CRW-507 - CRW 2.1 Overall Epic
CRW-510 - When not using TLS, Openshift plugin does not allow login via UI (but does work via console login)
CRW-533 - Factory are never redirecting to the IDE once loaded
CRW-535 - update factories link in CRW dashboard to point to updated user doc
CRW-537 - Patches in che-theia repo for theia are not applied in crw-theia build
CRW-544 - CRW 2.1 plugins+images
CRW-572 - Node 10 example results in "Error: Cannot find module 'express'"
CRW-573 - CRW 2.0.x branding update
CRW-574 - Cannot inject a devfile or plugin at runtime (container doesn't include yq or build scripts)
CRW-784 - Tag not replaced by digest in the latest version of plugins in the registry
==========================================================================
Ubuntu Security Notice USN-4269-1
February 05, 2020
systemd vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in systemd. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-16888)
It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. (CVE-2019-20386)
Jann Horn discovered that systemd incorrectly handled services that use the DynamicUser property. A local attacker could possibly use this issue to access resources owned by a different service in the future. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-1712)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: systemd 242-7ubuntu3.6
Ubuntu 18.04 LTS: systemd 237-3ubuntu10.38
Ubuntu 16.04 LTS: systemd 229-4ubuntu21.27
After a standard system update you need to reboot your computer to make all the necessary changes.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1125", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "discovery", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": null }, { "model": "migration toolkit", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "openshift container platform", "scope": "eq", "trust": 1.0, 
"vendor": "redhat", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "systemd", "scope": "lte", "trust": 1.0, "vendor": "systemd", "version": "244" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "ceph storage", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.0" }, { "model": "systemd", "scope": "eq", "trust": 0.8, "vendor": "freedesktop", "version": "245-rc1" }, { "model": "ceph storage", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "discovery", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "enterprise linux", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "migration toolkit", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "openshift container platform", "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": "systemd", "scope": null, "trust": 0.6, "vendor": "systemd", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-14277" }, { "db": "JVNDB", "id": "JVNDB-2020-003920" }, { "db": "NVD", "id": "CVE-2020-1712" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:freedesktop:systemd", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:ceph_storage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:discovery", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:migration_toolkit", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:openshift_container_platform", "vulnerable": true } ], 
"operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003920" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ubuntu,Red Hat,Gentoo", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-302" } ], "trust": 0.6 }, "cve": "CVE-2020-1712", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2020-1712", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-003920", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", 
"version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2020-14277", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-1712", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003920", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-1712", "trust": 1.0, "value": "HIGH" }, { "author": "secalert@redhat.com", "id": "CVE-2020-1712", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-003920", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-14277", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202002-302", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-1712", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-14277" }, { "db": "VULMON", "id": "CVE-2020-1712" }, { "db": "JVNDB", "id": 
"JVNDB-2020-003920" }, { "db": "CNNVD", "id": "CNNVD-202002-302" }, { "db": "NVD", "id": "CVE-2020-1712" }, { "db": "NVD", "id": "CVE-2020-1712" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. systemd Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Systemd is a Linux-based system and service manager for German Lennart Poettering software developers. This product is compatible with SysV and LSB startup scripts, and provides a framework for expressing dependencies between system services. \n\r\n\r\nSystemd has a resource management error vulnerability, which originates from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No detailed vulnerability details are provided at this time. \n(CVE-2018-16888). \n\nBug Fix(es):\n\n* systemd: systemctl reload command breaks ordering dependencies between\nunits (BZ#1781712)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: systemd security update\nAdvisory ID: RHSA-2020:0564-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:0564\nIssue date: 2020-02-20\nCVE Names: CVE-2020-1712\n====================================================================\n1. 
Summary:\n\nAn update for systemd is now available for Red Hat Enterprise Linux 8.0\nUpdate Services for SAP Solutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64\n\n3. It provides\naggressive parallelism capabilities, uses socket and D-Bus activation for\nstarting services, offers on-demand starting of daemons, and keeps track of\nprocesses using Linux cgroups. In addition, it supports snapshotting and\nrestoring of the system state, maintains mount and automount points, and\nimplements an elaborate transactional dependency-based service control\nlogic. It can also work as a drop-in replacement for sysvinit. \n\nSecurity Fix(es):\n\n* systemd: use-after-free when asynchronous polkit queries are performed\n(CVE-2020-1712)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux BaseOS E4S (v. 
8.0):\n\nSource:\nsystemd-239-13.el8_0.7.src.rpm\n\naarch64:\nsystemd-239-13.el8_0.7.aarch64.rpm\nsystemd-container-239-13.el8_0.7.aarch64.rpm\nsystemd-container-debuginfo-239-13.el8_0.7.aarch64.rpm\nsystemd-debuginfo-239-13.el8_0.7.aarch64.rpm\nsystemd-debugsource-239-13.el8_0.7.aarch64.rpm\nsystemd-devel-239-13.el8_0.7.aarch64.rpm\nsystemd-journal-remote-239-13.el8_0.7.aarch64.rpm\nsystemd-journal-remote-debuginfo-239-13.el8_0.7.aarch64.rpm\nsystemd-libs-239-13.el8_0.7.aarch64.rpm\nsystemd-libs-debuginfo-239-13.el8_0.7.aarch64.rpm\nsystemd-pam-239-13.el8_0.7.aarch64.rpm\nsystemd-pam-debuginfo-239-13.el8_0.7.aarch64.rpm\nsystemd-tests-239-13.el8_0.7.aarch64.rpm\nsystemd-tests-debuginfo-239-13.el8_0.7.aarch64.rpm\nsystemd-udev-239-13.el8_0.7.aarch64.rpm\nsystemd-udev-debuginfo-239-13.el8_0.7.aarch64.rpm\n\nppc64le:\nsystemd-239-13.el8_0.7.ppc64le.rpm\nsystemd-container-239-13.el8_0.7.ppc64le.rpm\nsystemd-container-debuginfo-239-13.el8_0.7.ppc64le.rpm\nsystemd-debuginfo-239-13.el8_0.7.ppc64le.rpm\nsystemd-debugsource-239-13.el8_0.7.ppc64le.rpm\nsystemd-devel-239-13.el8_0.7.ppc64le.rpm\nsystemd-journal-remote-239-13.el8_0.7.ppc64le.rpm\nsystemd-journal-remote-debuginfo-239-13.el8_0.7.ppc64le.rpm\nsystemd-libs-239-13.el8_0.7.ppc64le.rpm\nsystemd-libs-debuginfo-239-13.el8_0.7.ppc64le.rpm\nsystemd-pam-239-13.el8_0.7.ppc64le.rpm\nsystemd-pam-debuginfo-239-13.el8_0.7.ppc64le.rpm\nsystemd-tests-239-13.el8_0.7.ppc64le.rpm\nsystemd-tests-debuginfo-239-13.el8_0.7.ppc64le.rpm\nsystemd-udev-239-13.el8_0.7.ppc64le.rpm\nsystemd-udev-debuginfo-239-13.el8_0.7.ppc64le.rpm\n\ns390x:\nsystemd-239-13.el8_0.7.s390x.rpm\nsystemd-container-239-13.el8_0.7.s390x.rpm\nsystemd-container-debuginfo-239-13.el8_0.7.s390x.rpm\nsystemd-debuginfo-239-13.el8_0.7.s390x.rpm\nsystemd-debugsource-239-13.el8_0.7.s390x.rpm\nsystemd-devel-239-13.el8_0.7.s390x.rpm\nsystemd-journal-remote-239-13.el8_0.7.s390x.rpm\nsystemd-journal-remote-debuginfo-239-13.el8_0.7.s390x.rpm\nsystemd-libs-239-13.el8_0.7.s390x.rpm\
nsystemd-libs-debuginfo-239-13.el8_0.7.s390x.rpm\nsystemd-pam-239-13.el8_0.7.s390x.rpm\nsystemd-pam-debuginfo-239-13.el8_0.7.s390x.rpm\nsystemd-tests-239-13.el8_0.7.s390x.rpm\nsystemd-tests-debuginfo-239-13.el8_0.7.s390x.rpm\nsystemd-udev-239-13.el8_0.7.s390x.rpm\nsystemd-udev-debuginfo-239-13.el8_0.7.s390x.rpm\n\nx86_64:\nsystemd-239-13.el8_0.7.i686.rpm\nsystemd-239-13.el8_0.7.x86_64.rpm\nsystemd-container-239-13.el8_0.7.i686.rpm\nsystemd-container-239-13.el8_0.7.x86_64.rpm\nsystemd-container-debuginfo-239-13.el8_0.7.i686.rpm\nsystemd-container-debuginfo-239-13.el8_0.7.x86_64.rpm\nsystemd-debuginfo-239-13.el8_0.7.i686.rpm\nsystemd-debuginfo-239-13.el8_0.7.x86_64.rpm\nsystemd-debugsource-239-13.el8_0.7.i686.rpm\nsystemd-debugsource-239-13.el8_0.7.x86_64.rpm\nsystemd-devel-239-13.el8_0.7.i686.rpm\nsystemd-devel-239-13.el8_0.7.x86_64.rpm\nsystemd-journal-remote-239-13.el8_0.7.x86_64.rpm\nsystemd-journal-remote-debuginfo-239-13.el8_0.7.i686.rpm\nsystemd-journal-remote-debuginfo-239-13.el8_0.7.x86_64.rpm\nsystemd-libs-239-13.el8_0.7.i686.rpm\nsystemd-libs-239-13.el8_0.7.x86_64.rpm\nsystemd-libs-debuginfo-239-13.el8_0.7.i686.rpm\nsystemd-libs-debuginfo-239-13.el8_0.7.x86_64.rpm\nsystemd-pam-239-13.el8_0.7.x86_64.rpm\nsystemd-pam-debuginfo-239-13.el8_0.7.i686.rpm\nsystemd-pam-debuginfo-239-13.el8_0.7.x86_64.rpm\nsystemd-tests-239-13.el8_0.7.x86_64.rpm\nsystemd-tests-debuginfo-239-13.el8_0.7.i686.rpm\nsystemd-tests-debuginfo-239-13.el8_0.7.x86_64.rpm\nsystemd-udev-239-13.el8_0.7.x86_64.rpm\nsystemd-udev-debuginfo-239-13.el8_0.7.i686.rpm\nsystemd-udev-debuginfo-239-13.el8_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1712\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. 
Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXk8DR9zjgjWX9erEAQgBCg//bdjwG4MYbuUKH41pwWeyyVXLClAEkUTT\nirLt1PiN07Ij5q0Gd9UTrd0SAsmUZTWpgSfPktIHldaWmTSfUPAX6v7ls2Rsivqr\nut7n34YIP5DFKk6UKVl6HBGv8O+H/4Now/2NyizaNVjM0FI8vE27OlObfE7Y2UX6\nBUPtRK/4rEl2pqEthSI1Kj/PRgc2B+nfvXbhK2BrRqG8WW0CUeDBC1I1GvpJbQEG\nD/IVBt5GKFdAN+f2MvN4aldShOej31BbUGrewISOsfd61epJl4QTGHMKqt0e58q2\naxRrPcigMj5tKDa6Dr55ubs1xDQ2sAk/3wyy+RLhQEexWTZJUc19O+nvM8/stfFd\n0DlYxg7j8p0BKODcab733VcveoRZj+AQp87umHjvvoTHR9eaCECCXqyHGOF9Tgfy\nX2PhZniainF2qMH9jlEQeF3n1EwRw0aaFhrEX49OOMufeGHHBCz3yAyAlvb73qcT\ngfFiZb3Y2X3FbnRZTwv8bSXy9/tp1LA9QWfrX/hNpHYnPNcsJAdrLxOAjdLXL7sd\nXLIPPQ3kydDRjZ1S4tUzJgRwiq4T6gR4HMF6lHF0s9HIp9l6R3PoQpfPZiK1Ffsf\nHSzoC6UXy+fI9OesRyKQuCOErujb9ZBpNIcZkxjXLt6vUAh75peSOd9vnzullSAl\nQZ/iez2MHuc=dZRW\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 
\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table\nPanel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular\nexpressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code\nexecution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of\nsignature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url\n(CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to 
clickjacking\n(CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets\n(CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking\n1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability\n1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions\n1848643 - CVE-2020-12245 grafana: XSS via column.title or 
cellLinkTooltip\n1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures\n1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets\n1861044 - CVE-2020-11110 grafana: stored XSS\n1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: systemd: Heap use-after-free\n Date: March 15, 2020\n Bugs: #708806\n ID: 202003-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA heap use-after-free flaw in systemd at worst might allow an attacker\nto execute arbitrary code. \n\nBackground\n==========\n\nA system and service manager. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll systemd users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-apps/systemd-244.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-1712\n https://nvd.nist.gov/vuln/detail/CVE-2020-1712\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-20\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Description:\n\nRed Hat CodeReady Workspaces 2.1.0 provides a cloud developer-workspace\nserver and a browser-based IDE built for teams and organizations. CodeReady\nWorkspaces runs in OpenShift and is well-suited for container-based\ndevelopment. Solution:\n\nTo start using CodeReady Workspaces, download and install it using the\ninstructions provided in the Red Hat CodeReady Workspaces Installation\nGuide linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1816789 - CVE-2020-10689 che: pods in kubernetes cluster can bypass JWT proxy and send unauthenticated requests to workspace pods\n\n5. 
JIRA issues fixed (https://issues.jboss.org/):\n\nCRW-402 - CRW 2.1 devfiles\nCRW-507 - CRW 2.1 Overall Epic\nCRW-510 - When not using TLS, Openshift plugin does not allow login via UI (but does work via console login)\nCRW-533 - Factory are never redirecting to the IDE once loaded\nCRW-535 - update factories link in CRW dashboard to point to updated user doc\nCRW-537 - Patches in che-theia repo for theia are not applied in crw-theia build\nCRW-544 - CRW 2.1 plugins+images\nCRW-572 - Node 10 example results in \"Error: Cannot find module \u0027express\u0027\"\nCRW-573 - CRW 2.0.x branding update\nCRW-574 - Cannot inject a devfile or plugin at runtime (container doesn\u0027t include yq or build scripts)\nCRW-784 - Tag not replaced by digest in the `latest` version of plugins in the registry\n\n6. ==========================================================================\nUbuntu Security Notice USN-4269-1\nFebruary 05, 2020\n\nsystemd vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in systemd. \nA local attacker could possibly use this issue to trick systemd into\nkilling privileged processes. This issue only affected Ubuntu 16.04 LTS. \n(CVE-2018-16888)\n\nIt was discovered that systemd incorrectly handled certain udevadm trigger\ncommands. A local attacker could possibly use this issue to cause systemd\nto consume resources, leading to a denial of service. (CVE-2019-20386)\n\nJann Horn discovered that systemd incorrectly handled services that use the\nDynamicUser property. A local attacker could possibly use this issue to\naccess resources owned by a different service in the future. This issue\nonly affected Ubuntu 18.04 LTS. 
(CVE-2020-1712)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.10:\n systemd 242-7ubuntu3.6\n\nUbuntu 18.04 LTS:\n systemd 237-3ubuntu10.38\n\nUbuntu 16.04 LTS:\n systemd 229-4ubuntu21.27\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2020-1712" }, { "db": "JVNDB", "id": "JVNDB-2020-003920" }, { "db": "CNVD", "id": "CNVD-2020-14277" }, { "db": "VULMON", "id": "CVE-2020-1712" }, { "db": "PACKETSTORM", "id": "156510" }, { "db": "PACKETSTORM", "id": "156465" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "156740" }, { "db": "PACKETSTORM", "id": "157228" }, { "db": "PACKETSTORM", "id": "156226" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-1712", "trust": 3.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2020/02/05/1", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2020-003920", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "156510", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156465", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156740", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157228", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156226", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-14277", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0443", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3700", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0633", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1349", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0661", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202002-302", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-1712", "trust": 0.1 }, { "db": 
"PACKETSTORM", "id": "159727", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-14277" }, { "db": "VULMON", "id": "CVE-2020-1712" }, { "db": "JVNDB", "id": "JVNDB-2020-003920" }, { "db": "PACKETSTORM", "id": "156510" }, { "db": "PACKETSTORM", "id": "156465" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "156740" }, { "db": "PACKETSTORM", "id": "157228" }, { "db": "PACKETSTORM", "id": "156226" }, { "db": "CNNVD", "id": "CNNVD-202002-302" }, { "db": "NVD", "id": "CVE-2020-1712" } ] }, "id": "VAR-202003-1125", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-14277" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-14277" } ] }, "last_update_date": "2024-11-23T20:43:27.219000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "sd-bus: introduce API for re-enqueuing incoming messages", "trust": 0.8, "url": "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54" }, { "title": "polkit: when authorizing via PK let\u0027s re-resolve callback/userdata in\u2026", "trust": 0.8, "url": "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb" }, { "title": "Fix typo in function name", "trust": 0.8, "url": 
"https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d" }, { "title": "Merge branch \u0027polkit-ref-count\u0027", "trust": 0.8, "url": "https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2" }, { "title": "Bug 1794578", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1712" }, { "title": "Patch for Systemd Resource Management Error Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/205305" }, { "title": "systemd Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110682" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2020/04/06/security_roundup/" }, { "title": "Red Hat: Important: systemd security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200564 - Security Advisory" }, { "title": "Red Hat: Important: systemd security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200575 - Security Advisory" }, { "title": "Debian CVElist Bug Report Logs: systemd: CVE-2020-1712", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2c2746b33bd39124d12ed8e5982f4f46" }, { "title": "Arch Linux Advisories: [ASA-202002-8] systemd: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202002-8" }, { "title": "Amazon Linux 2: ALAS2-2020-1388", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1388" }, { "title": "Ubuntu Security Notice: systemd vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4269-1" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-1712 log" }, { "title": "Red Hat: Moderate: Red Hat CodeReady Workspaces 2.1.0 release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201475 - Security Advisory" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204298 - Security Advisory" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2020-1712 " }, { "title": "CacheChecker", "trust": 0.1, "url": "https://github.com/SamanthaYu/CacheChecker " }, { "title": "master_librarian", "trust": 0.1, "url": "https://github.com/CoolerVoid/master_librarian " }, { "title": "snykout", "trust": 0.1, "url": "https://github.com/garethr/snykout " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-14277" }, { "db": "VULMON", "id": "CVE-2020-1712" }, { "db": "JVNDB", "id": "JVNDB-2020-003920" }, { "db": "CNNVD", "id": "CNNVD-202002-302" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003920" }, { "db": "NVD", "id": "CVE-2020-1712" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://www.openwall.com/lists/oss-security/2020/02/05/1" }, { "trust": 
1.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1712" }, { "trust": 1.7, "url": "https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2" }, { "trust": 1.7, "url": "https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2020-1712" }, { "trust": 1.7, "url": "https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb" }, { "trust": 1.7, "url": "https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html" }, { "trust": 1.0, "url": "https://access.redhat.com/security/cve/cve-2020-1712" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1712" }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2020" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200353-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3700/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1349/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156465/red-hat-security-advisory-2020-0564-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156226/ubuntu-security-notice-usn-4269-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0443/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0633/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/systemd-use-after-free-via-asynchronous-polkit-queries-31527" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156740/gentoo-linux-security-advisory-202003-20.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0661/" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/156510/red-hat-security-advisory-2020-0575-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157228/red-hat-security-advisory-2020-1475-01.html" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:0564" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-18408" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10531" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/416.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2020-1712" }, { "trust": 0.1, "url": "https://github.com/samanthayu/cachechecker" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://alas.aws.amazon.com/al2/alas-2020-1388.html" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4269-1/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:0575" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8768" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8535" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10743" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-19126" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8518" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12448" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8611" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8203" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8676" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17451" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20060" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7150" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1547" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7664" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8607" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12052" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5482" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15366" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8690" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060" }, { "trust": 
0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13752" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8601" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3822" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11324" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7146" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1010204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8524" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10739" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16890" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5481" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8536" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8686" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8671" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8544" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12049" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8571" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19519" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-15719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2013-0169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8677" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5436" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-18624" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8595" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13753" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11459" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8679" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12795" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20657" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5094" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14336" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8619" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4298" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8622" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1010180" }, { 
"trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7598" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8681" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3825" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-18074" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6237" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6706" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8559" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8687" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13822" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19923" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16769" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8672" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11023" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8608" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7662" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-8615" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7665" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8666" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8457" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8689" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15847" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14498" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8735" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11236" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19924" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12245" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14404" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8726" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8596" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8696" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8610" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13636" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2019-11070" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7149" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16056" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20337" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11110" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8584" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19959" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8675" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8563" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13232" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14040" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10715" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8609" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9283" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8587" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-18751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624" }, { "trust": 0.1, 
"url": "https://access.redhat.com/security/cve/cve-2020-11022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8583" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-9251" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11008" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8597" }, { "trust": 0.1, "url": "https://security.gentoo.org/glsa/202003-20" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.1/html-single/installation_guide/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15031" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10689" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15030" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15031" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15030" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18397" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18660" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13734" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1348" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1349" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-1352" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18408" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19527" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1349" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1387" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1387" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18660" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19527" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1352" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10689" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18397" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1348" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/systemd/242-7ubuntu3.6" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu21.27" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4269-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16888" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.38" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-14277" }, { "db": "VULMON", "id": "CVE-2020-1712" }, { "db": "JVNDB", "id": "JVNDB-2020-003920" }, { "db": "PACKETSTORM", "id": "156510" }, { "db": "PACKETSTORM", "id": "156465" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "156740" }, { "db": "PACKETSTORM", "id": "157228" }, { "db": "PACKETSTORM", "id": "156226" }, { "db": "CNNVD", "id": "CNNVD-202002-302" }, { "db": "NVD", "id": "CVE-2020-1712" } ] }, "sources": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-14277" }, { "db": "VULMON", "id": "CVE-2020-1712" }, { "db": "JVNDB", "id": "JVNDB-2020-003920" }, { "db": "PACKETSTORM", "id": "156510" }, { "db": "PACKETSTORM", "id": "156465" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "156740" }, { "db": "PACKETSTORM", "id": "157228" }, { "db": "PACKETSTORM", "id": "156226" }, { "db": "CNNVD", "id": "CNNVD-202002-302" }, { "db": "NVD", "id": "CVE-2020-1712" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-28T00:00:00", "db": "CNVD", "id": "CNVD-2020-14277" }, { "date": "2020-03-31T00:00:00", "db": "VULMON", "id": "CVE-2020-1712" }, { "date": "2020-04-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003920" }, { "date": "2020-02-25T15:14:33", "db": "PACKETSTORM", "id": "156510" }, { "date": "2020-02-21T15:29:04", "db": "PACKETSTORM", "id": "156465" }, { "date": "2020-10-27T16:59:02", "db": "PACKETSTORM", "id": "159727" }, { "date": "2020-03-15T14:00:09", "db": "PACKETSTORM", "id": "156740" }, { "date": "2020-04-15T00:13:27", "db": "PACKETSTORM", "id": "157228" }, { "date": "2020-02-05T19:03:17", "db": "PACKETSTORM", "id": "156226" }, { "date": "2020-02-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-302" }, { "date": "2020-03-31T17:15:26.577000", "db": "NVD", "id": "CVE-2020-1712" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-28T00:00:00", "db": "CNVD", "id": "CNVD-2020-14277" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-1712" }, { "date": "2020-04-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003920" }, { "date": "2022-07-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-302" }, { "date": 
"2024-11-21T05:11:13.433000", "db": "NVD", "id": "CVE-2020-1712" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "PACKETSTORM", "id": "156226" }, { "db": "CNNVD", "id": "CNNVD-202002-302" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Systemd Resource Management Error Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-14277" }, { "db": "CNNVD", "id": "CNNVD-202002-302" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-302" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.