VAR-202006-1806
Vulnerability from variot - Updated: 2025-12-22 22:51
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. A security vulnerability exists in the regcomp.c file in versions prior to Perl 5.30.3. An attacker could exploit this vulnerability to cause a denial of service or potentially execute code.
7.7) - ppc64, ppc64le, s390x, x86_64
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fix:
- RHACM 2.0.8 images (BZ #1915461)
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
Bugs fixed (https://bugzilla.redhat.com/):
1915461 - RHACM 2.0.8 images
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
Gentoo Linux Security Advisory GLSA 202006-03
https://security.gentoo.org/
Severity: Normal
Title: Perl: Multiple vulnerabilities
Date: June 12, 2020
Bugs: #723792
ID: 202006-03
Synopsis
Multiple vulnerabilities have been found in Perl, the worst of which could result in a Denial of Service condition.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/perl < 5.30.3 >= 5.30.3
Description
Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Perl users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.30.3"
References
[ 1 ] CVE-2020-10543 https://nvd.nist.gov/vuln/detail/CVE-2020-10543
[ 2 ] CVE-2020-10878 https://nvd.nist.gov/vuln/detail/CVE-2020-10878
[ 3 ] CVE-2020-12723 https://nvd.nist.gov/vuln/detail/CVE-2020-12723
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202006-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
- Improved analytics collection to collect the playbook status for all hosts in a playbook run
- Description:
Security Fix(es):
- Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
- Upgraded to a more recent version of Django to address CVE-2021-3281.
- Upgraded to a more recent version of autobahn to address CVE-2020-35678.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7.
- Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions.
- Fixed several issues related to how Tower rotates its log files.
- Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales.
- Fixed a bug which can cause unanticipated delays in certain playbook output.
- Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data.
- Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected.
- Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified.
- Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
- Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail.
Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html
- Bugs fixed (https://bugzilla.redhat.com/):
1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection
1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract()
1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape
It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.
Bugs fixed (https://bugzilla.redhat.com/):
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
Red Hat Security Advisory
Synopsis: Moderate: perl security update
Advisory ID: RHSA-2021:1266-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1266
Issue date: 2021-04-20
CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723
- Summary:
An update for perl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64
- Description:
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source:
perl-5.16.3-292.el7_4.2.src.rpm
noarch:
perl-CPAN-1.9800-292.el7_4.2.noarch.rpm
perl-ExtUtils-CBuilder-0.28.2.6-292.el7_4.2.noarch.rpm
perl-ExtUtils-Embed-1.30-292.el7_4.2.noarch.rpm
perl-ExtUtils-Install-1.58-292.el7_4.2.noarch.rpm
perl-IO-Zlib-1.10-292.el7_4.2.noarch.rpm
perl-Locale-Maketext-Simple-0.21-292.el7_4.2.noarch.rpm
perl-Module-CoreList-2.76.02-292.el7_4.2.noarch.rpm
perl-Module-Loaded-0.08-292.el7_4.2.noarch.rpm
perl-Object-Accessor-0.42-292.el7_4.2.noarch.rpm
perl-Package-Constants-0.02-292.el7_4.2.noarch.rpm
perl-Pod-Escapes-1.04-292.el7_4.2.noarch.rpm
x86_64:
perl-5.16.3-292.el7_4.2.x86_64.rpm
perl-Time-Piece-1.20.1-292.el7_4.2.x86_64.rpm
perl-core-5.16.3-292.el7_4.2.x86_64.rpm
perl-debuginfo-5.16.3-292.el7_4.2.i686.rpm
perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm
perl-devel-5.16.3-292.el7_4.2.i686.rpm
perl-devel-5.16.3-292.el7_4.2.x86_64.rpm
perl-libs-5.16.3-292.el7_4.2.i686.rpm
perl-libs-5.16.3-292.el7_4.2.x86_64.rpm
perl-macros-5.16.3-292.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.4):
Source:
perl-5.16.3-292.el7_4.2.src.rpm
noarch:
perl-CPAN-1.9800-292.el7_4.2.noarch.rpm
perl-ExtUtils-CBuilder-0.28.2.6-292.el7_4.2.noarch.rpm
perl-ExtUtils-Embed-1.30-292.el7_4.2.noarch.rpm
perl-ExtUtils-Install-1.58-292.el7_4.2.noarch.rpm
perl-IO-Zlib-1.10-292.el7_4.2.noarch.rpm
perl-Locale-Maketext-Simple-0.21-292.el7_4.2.noarch.rpm
perl-Module-CoreList-2.76.02-292.el7_4.2.noarch.rpm
perl-Module-Loaded-0.08-292.el7_4.2.noarch.rpm
perl-Object-Accessor-0.42-292.el7_4.2.noarch.rpm
perl-Package-Constants-0.02-292.el7_4.2.noarch.rpm
perl-Pod-Escapes-1.04-292.el7_4.2.noarch.rpm
ppc64le:
perl-5.16.3-292.el7_4.2.ppc64le.rpm
perl-Time-Piece-1.20.1-292.el7_4.2.ppc64le.rpm
perl-core-5.16.3-292.el7_4.2.ppc64le.rpm
perl-debuginfo-5.16.3-292.el7_4.2.ppc64le.rpm
perl-devel-5.16.3-292.el7_4.2.ppc64le.rpm
perl-libs-5.16.3-292.el7_4.2.ppc64le.rpm
perl-macros-5.16.3-292.el7_4.2.ppc64le.rpm
x86_64:
perl-5.16.3-292.el7_4.2.x86_64.rpm
perl-Time-Piece-1.20.1-292.el7_4.2.x86_64.rpm
perl-core-5.16.3-292.el7_4.2.x86_64.rpm
perl-debuginfo-5.16.3-292.el7_4.2.i686.rpm
perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm
perl-devel-5.16.3-292.el7_4.2.i686.rpm
perl-devel-5.16.3-292.el7_4.2.x86_64.rpm
perl-libs-5.16.3-292.el7_4.2.i686.rpm
perl-libs-5.16.3-292.el7_4.2.x86_64.rpm
perl-macros-5.16.3-292.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.4):
Source:
perl-5.16.3-292.el7_4.2.src.rpm
noarch:
perl-CPAN-1.9800-292.el7_4.2.noarch.rpm
perl-ExtUtils-CBuilder-0.28.2.6-292.el7_4.2.noarch.rpm
perl-ExtUtils-Embed-1.30-292.el7_4.2.noarch.rpm
perl-ExtUtils-Install-1.58-292.el7_4.2.noarch.rpm
perl-IO-Zlib-1.10-292.el7_4.2.noarch.rpm
perl-Locale-Maketext-Simple-0.21-292.el7_4.2.noarch.rpm
perl-Module-CoreList-2.76.02-292.el7_4.2.noarch.rpm
perl-Module-Loaded-0.08-292.el7_4.2.noarch.rpm
perl-Object-Accessor-0.42-292.el7_4.2.noarch.rpm
perl-Package-Constants-0.02-292.el7_4.2.noarch.rpm
perl-Pod-Escapes-1.04-292.el7_4.2.noarch.rpm
x86_64:
perl-5.16.3-292.el7_4.2.x86_64.rpm
perl-Time-Piece-1.20.1-292.el7_4.2.x86_64.rpm
perl-core-5.16.3-292.el7_4.2.x86_64.rpm
perl-debuginfo-5.16.3-292.el7_4.2.i686.rpm
perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm
perl-devel-5.16.3-292.el7_4.2.i686.rpm
perl-devel-5.16.3-292.el7_4.2.x86_64.rpm
perl-libs-5.16.3-292.el7_4.2.i686.rpm
perl-libs-5.16.3-292.el7_4.2.x86_64.rpm
perl-macros-5.16.3-292.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
x86_64:
perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm
perl-tests-5.16.3-292.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.4):
ppc64le:
perl-debuginfo-5.16.3-292.el7_4.2.ppc64le.rpm
perl-tests-5.16.3-292.el7_4.2.ppc64le.rpm
x86_64:
perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm
perl-tests-5.16.3-292.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.4):
x86_64:
perl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm
perl-tests-5.16.3-292.el7_4.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-10543
https://access.redhat.com/security/cve/CVE-2020-10878
https://access.redhat.com/security/cve/CVE-2020-12723
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
8) - aarch64, noarch, ppc64le, s390x, x86_64
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1806",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "communications lsms",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "communications performance intelligence center",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.1.0"
},
{
"model": "communications eagle application processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.4.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "communications performance intelligence center",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.3.1"
},
{
"model": "tekelec platform distribution",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "perl",
"scope": "lt",
"trust": 1.0,
"vendor": "perl",
"version": "5.30.3"
},
{
"model": "communications performance intelligence center",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.0.0.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "communications performance intelligence center",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.0.2.1"
},
{
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "tekelec platform distribution",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.7.1"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0.8"
},
{
"model": "communications lsms",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.2.0"
},
{
"model": "communications eagle application processor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "perl",
"scope": "eq",
"trust": 0.8,
"vendor": "the perl",
"version": "5.30.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006179"
},
{
"db": "NVD",
"id": "CVE-2020-12723"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:perl:perl",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006179"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "161656"
},
{
"db": "PACKETSTORM",
"id": "162915"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "161728"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "162245"
},
{
"db": "PACKETSTORM",
"id": "161437"
}
],
"trust": 0.8
},
"cve": "CVE-2020-12723",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-12723",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006179",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-165430",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-12723",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006179",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-12723",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006179",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-165430",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165430"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006179"
},
{
"db": "NVD",
"id": "CVE-2020-12723"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. A security vulnerability exists in the regcomp.c file in versions prior to Perl 5.30.3. An attacker could exploit this vulnerability to cause a denial of service or potentially execute code. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. \n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1915461 - RHACM 2.0.8 images\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202006-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Perl: Multiple vulnerabilities\n Date: June 12, 2020\n Bugs: #723792\n ID: 202006-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Perl, the worst of which\ncould result in a Denial of Service condition. 
\n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-lang/perl \u003c 5.30.3 \u003e= 5.30.3 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Perl. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Perl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/perl-5.30.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-10543\n https://nvd.nist.gov/vuln/detail/CVE-2020-10543\n[ 2 ] CVE-2020-10878\n https://nvd.nist.gov/vuln/detail/CVE-2020-10878\n[ 3 ] CVE-2020-12723\n https://nvd.nist.gov/vuln/detail/CVE-2020-12723\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202006-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n* Improved analytics collection to collect the playbook status for all\nhosts in a playbook run\n\n3. 
Description:\n\nSecurity Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to\nelevate to the awx user from outside the isolated environment:\nCVE-2021-20253\n* Upgraded to a more recent version of Django to address CVE-2021-3281. \n* Upgraded to a more recent version of autobahn to address CVE-2020-35678. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Upgraded to the latest oVirt inventory plugin to resolve a number of\ninventory syncing issues that can occur on RHEL7. \n* Upgraded to the latest theforeman.foreman inventory plugin to resolve a\nfew bugs and performance regressions. \n* Fixed several issues related to how Tower rotates its log files. \n* Fixed a bug which can prevent Tower from installing on RHEL8 with certain\nnon-en_US.UTF-8 locales. \n* Fixed a bug which can cause unanticipated delays in certain playbook\noutput. \n* Fixed a bug which can cause job runs to fail for playbooks that print\ncertain types of raw binary data. \n* Fixed a bug which can cause unnecessary records in the Activity Stream\nwhen Automation Analytics data is collected. \n* Fixed a bug which can cause Tower PostgreSQL backups to fail when a\nnon-default PostgreSQL username is specified. \n* Fixed a bug which can intermittently cause access to encrypted Tower\nsettings to fail, resulting in failed job launches. \n* Fixed a bug which can cause certain long-running jobs running on isolated\nnodes to unexpectedly fail. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract()\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: perl security update\nAdvisory ID: RHSA-2021:1266-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1266\nIssue date: 2021-04-20\nCVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 \n=====================================================================\n\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7.4\nAdvanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.4 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 
7.4) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nperl-5.16.3-292.el7_4.2.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-292.el7_4.2.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-292.el7_4.2.noarch.rpm\nperl-ExtUtils-Embed-1.30-292.el7_4.2.noarch.rpm\nperl-ExtUtils-Install-1.58-292.el7_4.2.noarch.rpm\nperl-IO-Zlib-1.10-292.el7_4.2.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-292.el7_4.2.noarch.rpm\nperl-Module-CoreList-2.76.02-292.el7_4.2.noarch.rpm\nperl-Module-Loaded-0.08-292.el7_4.2.noarch.rpm\nperl-Object-Accessor-0.42-292.el7_4.2.noarch.rpm\nperl-Package-Constants-0.02-292.el7_4.2.noarch.rpm\nperl-Pod-Escapes-1.04-292.el7_4.2.noarch.rpm\n\nx86_64:\nperl-5.16.3-292.el7_4.2.x86_64.rpm\nperl-Time-Piece-1.20.1-292.el7_4.2.x86_64.rpm\nperl-core-5.16.3-292.el7_4.2.x86_64.rpm\nperl-debuginfo-5.16.3-292.el7_4.2.i686.rpm\nperl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm\nperl-devel-5.16.3-292.el7_4.2.i686.rpm\nperl-devel-5.16.3-292.el7_4.2.x86_64.rpm\nperl-libs-5.16.3-292.el7_4.2.i686.rpm\nperl-libs-5.16.3-292.el7_4.2.x86_64.rpm\nperl-macros-5.16.3-292.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 
7.4):\n\nSource:\nperl-5.16.3-292.el7_4.2.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-292.el7_4.2.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-292.el7_4.2.noarch.rpm\nperl-ExtUtils-Embed-1.30-292.el7_4.2.noarch.rpm\nperl-ExtUtils-Install-1.58-292.el7_4.2.noarch.rpm\nperl-IO-Zlib-1.10-292.el7_4.2.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-292.el7_4.2.noarch.rpm\nperl-Module-CoreList-2.76.02-292.el7_4.2.noarch.rpm\nperl-Module-Loaded-0.08-292.el7_4.2.noarch.rpm\nperl-Object-Accessor-0.42-292.el7_4.2.noarch.rpm\nperl-Package-Constants-0.02-292.el7_4.2.noarch.rpm\nperl-Pod-Escapes-1.04-292.el7_4.2.noarch.rpm\n\nppc64le:\nperl-5.16.3-292.el7_4.2.ppc64le.rpm\nperl-Time-Piece-1.20.1-292.el7_4.2.ppc64le.rpm\nperl-core-5.16.3-292.el7_4.2.ppc64le.rpm\nperl-debuginfo-5.16.3-292.el7_4.2.ppc64le.rpm\nperl-devel-5.16.3-292.el7_4.2.ppc64le.rpm\nperl-libs-5.16.3-292.el7_4.2.ppc64le.rpm\nperl-macros-5.16.3-292.el7_4.2.ppc64le.rpm\n\nx86_64:\nperl-5.16.3-292.el7_4.2.x86_64.rpm\nperl-Time-Piece-1.20.1-292.el7_4.2.x86_64.rpm\nperl-core-5.16.3-292.el7_4.2.x86_64.rpm\nperl-debuginfo-5.16.3-292.el7_4.2.i686.rpm\nperl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm\nperl-devel-5.16.3-292.el7_4.2.i686.rpm\nperl-devel-5.16.3-292.el7_4.2.x86_64.rpm\nperl-libs-5.16.3-292.el7_4.2.i686.rpm\nperl-libs-5.16.3-292.el7_4.2.x86_64.rpm\nperl-macros-5.16.3-292.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 
7.4):\n\nSource:\nperl-5.16.3-292.el7_4.2.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-292.el7_4.2.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-292.el7_4.2.noarch.rpm\nperl-ExtUtils-Embed-1.30-292.el7_4.2.noarch.rpm\nperl-ExtUtils-Install-1.58-292.el7_4.2.noarch.rpm\nperl-IO-Zlib-1.10-292.el7_4.2.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-292.el7_4.2.noarch.rpm\nperl-Module-CoreList-2.76.02-292.el7_4.2.noarch.rpm\nperl-Module-Loaded-0.08-292.el7_4.2.noarch.rpm\nperl-Object-Accessor-0.42-292.el7_4.2.noarch.rpm\nperl-Package-Constants-0.02-292.el7_4.2.noarch.rpm\nperl-Pod-Escapes-1.04-292.el7_4.2.noarch.rpm\n\nx86_64:\nperl-5.16.3-292.el7_4.2.x86_64.rpm\nperl-Time-Piece-1.20.1-292.el7_4.2.x86_64.rpm\nperl-core-5.16.3-292.el7_4.2.x86_64.rpm\nperl-debuginfo-5.16.3-292.el7_4.2.i686.rpm\nperl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm\nperl-devel-5.16.3-292.el7_4.2.i686.rpm\nperl-devel-5.16.3-292.el7_4.2.x86_64.rpm\nperl-libs-5.16.3-292.el7_4.2.i686.rpm\nperl-libs-5.16.3-292.el7_4.2.x86_64.rpm\nperl-macros-5.16.3-292.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4):\n\nx86_64:\nperl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm\nperl-tests-5.16.3-292.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4):\n\nppc64le:\nperl-debuginfo-5.16.3-292.el7_4.2.ppc64le.rpm\nperl-tests-5.16.3-292.el7_4.2.ppc64le.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm\nperl-tests-5.16.3-292.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4):\n\nx86_64:\nperl-debuginfo-5.16.3-292.el7_4.2.x86_64.rpm\nperl-tests-5.16.3-292.el7_4.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-12723\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12723"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006179"
},
{
"db": "VULHUB",
"id": "VHN-165430"
},
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "161656"
},
{
"db": "PACKETSTORM",
"id": "162915"
},
{
"db": "PACKETSTORM",
"id": "158058"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "161728"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "162245"
},
{
"db": "PACKETSTORM",
"id": "161437"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12723",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006179",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162915",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161437",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162021",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161728",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161726",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162130",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161656",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162245",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159726",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159707",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161255",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161843",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-37943",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202006-146",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-165430",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158058",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165430"
},
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "161656"
},
{
"db": "PACKETSTORM",
"id": "162915"
},
{
"db": "PACKETSTORM",
"id": "158058"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "161728"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "162245"
},
{
"db": "PACKETSTORM",
"id": "161437"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006179"
},
{
"db": "NVD",
"id": "CVE-2020-12723"
}
]
},
"id": "VAR-202006-1806",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-165430"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T22:51:26.528000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "study_chunk: avoid mutating regexp program within GOSUB",
"trust": 0.8,
"url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a"
},
{
"title": "perl5/pod/perl5303delta.pod",
"trust": 0.8,
"url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
},
{
"title": "Segfault in S_study_chunk (regcomp.c:4870) #16947",
"trust": 0.8,
"url": "https://github.com/Perl/perl5/issues/16947"
},
{
"title": "study_chunk recursion #17743",
"trust": 0.8,
"url": "https://github.com/Perl/perl5/issues/17743"
},
{
"title": "Comparing changes",
"trust": 0.8,
"url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006179"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165430"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006179"
},
{
"db": "NVD",
"id": "CVE-2020-12723"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202006-03"
},
{
"trust": 1.1,
"url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod"
},
{
"trust": 1.1,
"url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3"
},
{
"trust": 1.1,
"url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
},
{
"trust": 1.1,
"url": "https://github.com/perl/perl5/issues/16947"
},
{
"trust": 1.1,
"url": "https://github.com/perl/perl5/issues/17743"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-12723"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12723"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25705"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-29661"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14351"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35678"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20228"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20253"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20178"
},
{
"trust": 0.2,
"url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20191"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20253"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20180"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20228"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35678"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20178"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20230"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29661"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35513"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20230"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35513"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2184"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3281"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3281"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0780"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20265"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7053"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12243"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5188"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19532"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1266"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0557"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165430"
},
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "161656"
},
{
"db": "PACKETSTORM",
"id": "162915"
},
{
"db": "PACKETSTORM",
"id": "158058"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "161728"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "162245"
},
{
"db": "PACKETSTORM",
"id": "161437"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006179"
},
{
"db": "NVD",
"id": "CVE-2020-12723"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-165430"
},
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "161656"
},
{
"db": "PACKETSTORM",
"id": "162915"
},
{
"db": "PACKETSTORM",
"id": "158058"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "161728"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "162245"
},
{
"db": "PACKETSTORM",
"id": "161437"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006179"
},
{
"db": "NVD",
"id": "CVE-2020-12723"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-05T00:00:00",
"db": "VULHUB",
"id": "VHN-165430"
},
{
"date": "2021-03-30T14:26:55",
"db": "PACKETSTORM",
"id": "162021"
},
{
"date": "2021-03-04T15:33:19",
"db": "PACKETSTORM",
"id": "161656"
},
{
"date": "2021-06-02T13:48:39",
"db": "PACKETSTORM",
"id": "162915"
},
{
"date": "2020-06-12T14:44:55",
"db": "PACKETSTORM",
"id": "158058"
},
{
"date": "2021-03-09T16:23:27",
"db": "PACKETSTORM",
"id": "161726"
},
{
"date": "2021-03-09T16:26:05",
"db": "PACKETSTORM",
"id": "161728"
},
{
"date": "2021-04-08T14:00:00",
"db": "PACKETSTORM",
"id": "162130"
},
{
"date": "2021-04-20T16:17:10",
"db": "PACKETSTORM",
"id": "162245"
},
{
"date": "2021-02-16T15:46:29",
"db": "PACKETSTORM",
"id": "161437"
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006179"
},
{
"date": "2020-06-05T15:15:10.800000",
"db": "NVD",
"id": "CVE-2020-12723"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-165430"
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006179"
},
{
"date": "2024-11-21T05:00:08.870000",
"db": "NVD",
"id": "CVE-2020-12723"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Perl Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006179"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "162245"
}
],
"trust": 0.2
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.